
15.12.2014 | Brain Appeal

3 TYPO3 extensions need an update: ameos_dragndropupload, si_bibtex and wf_gallery

Today 3 TYPO3 security updates were released: The extensions ameos_dragndropupload, si_bibtex and wf_gallery need an update! If you are using one of these extensions, please update to the latest version!

ameos_dragndropupload

Several vulnerabilities have been discovered in the TYPO3 extension "Drag Drop Mass Upload" (ameos_dragndropupload).

Affected versions: 3.1.1 and all earlier versions

Attack types: Cross-site scripting, cross-site request forgery, improper access control

Risk: Medium

Solution: Update to version 3.1.2

 

si_bibtex

Several vulnerabilities that open the door to attacks were also discovered in the "BibTex Publications" extension (si_bibtex).

Affected versions: 0.2.3 and all earlier versions

Attack types: Cross-site scripting, SQL injection

Risk: Medium

Solution: Update to version 0.2.5

 

wf_gallery

The extension "wfGallery" (wf_gallery) does not properly validate user input, so users can submit HTML that results in cross-site scripting.

Affected versions: 1.0.3 and all earlier versions

Attack types: Cross-site scripting

Risk: Medium

Solution: Update to version 1.0.4