Debian Security Advisory DSA 2772-1 (typo3-src - cross-site scripting)

Summary
Markus Pieton and Vytautas Paulikas discovered that the embedded video and audio player in the TYPO3 web content management system is susceptible to cross-site scripting.
Solution
For the stable distribution (wheezy), this problem has been fixed in version 4.5.19+dfsg1-5+wheezy1. For the testing distribution (jessie), this problem has been fixed in version 4.5.29+dfsg1-1. For the unstable distribution (sid), this problem has been fixed in version 4.5.29+dfsg1-1. We recommend that you upgrade your typo3-src packages.
Insight
TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets. It offers full flexibility and extendability while featuring an accomplished set of ready-made interfaces, functions and modules.
Affected
typo3-src on Debian Linux
Detection
This check tests the installed software version using the apt package manager.