On March 3rd the TYPO3 security team published six security bulletins regarding extensions. The following extensions were covered: ics_utopia, listfeusers, enter_new_weeaar_googlesitemap, festat, kickstarter, solr. For details, read on …
Information Disclosure in extension “UTOPIA” (ics_utopia)
This extension will not be updated and will receive no security update. Please remove the extension from your installation and all associated files from fileadmin.
Cross-Site Scripting in extension “List frontend users” (listfeusers)
An updated version is available via TER. Please update the extension as soon as possible.
Cross-Site Scripting in extension “Google Sitemap” (enter_new_weeaar_googlesitemap)
This extension will not be updated and will receive no security update. Please remove the extension from your installation.
Multiple vulnerabilities in extension “Fe user statistic” (festat)
Old versions of the extension contain multiple vulnerabilities. This leads to a severity rating of “high”. Please update as soon as possible to the current version available in the TER.
Cross-Site Scripting in extension “Extension Kickstarter” (kickstarter)
In order to exploit this vulnerability, a backend user with admin rights must be logged in. Please update to the latest TER version.
Cross-Site Scripting in extension “Apache Solr for TYPO3” (solr)
A cross-site scripting vulnerability was discovered in the extension “solr”. Please update to the latest available version on TER.
Thanks to all reporters and the TYPO3 security team for taking care of the issues and updates.