Typo3 Security Report (TYPO3-CORE-SA-2012-003):
TYPO3 bundles and uses an external JavaScript and Flash Upload Library called swfupload. TYPO3 can be configured to use this Flash uploader. Input passed via the "movieName" parameter to swfupload.swf is not properly sanitised before being used in a call to "ExternalInterface.call()". This can be exploited to execute arbitrary script code in a user's browser session in context of an affected site. The existance of the swfupload library is sufficient to be vulnerable to the reported problem.
Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.
If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.