3 TYPO3 extensions need an update: ameos_dragndropupload, si_bibtex and wf_gallery
Three TYPO3 security updates were released today: the extensions ameos_dragndropupload, si_bibtex and wf_gallery need an update! If you are using one of these extensions, please update to the latest version!
ameos_dragndropupload
Several vulnerabilities have been discovered in the TYPO3 extension "Drag Drop Mass Upload" (ameos_dragndropupload).
Affected version: 3.1.1 and all predecessors
Attack types: Cross-site scripting, cross-site request forgery, improper access control
Risk: Medium
Solution: Update to version 3.1.2
si_bibtex
Several vulnerabilities were also discovered in the "BibTex Publications" extension (si_bibtex).
Affected version: 0.2.3 and all predecessors
Forms of attack: Cross-site scripting, SQL injection
Risk: Medium
Solution: Update to version 0.2.5
wf_gallery
The extension "wfGallery" (wf_gallery) does not properly validate user input, which makes it vulnerable to cross-site scripting through user-supplied HTML.
Affected version: 1.0.3 and all predecessors
Forms of attack: Cross-site scripting
Risk: Medium
Solution: Update to version 1.0.4