TYPO3 File Upload Cross Site Scripting Vulnerabilities

Summary
This host is installed with TYPO3 and is prone to file upload and cross site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code and script code. Impact Level: System/Application
Solution
Upgrade to TYPO3 version 4.0.9 or 4.1.7 or 4.2.1 or later, or apply the patch mentioned in the below link http://typo3.org/teams/security/security-bulletins/typo3-core/TYPO3-20080611-1
Insight
Multiple error exists in the application, - Insufficiently restrictive default fileDenyPattern for Apache which allows bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions. - An error in fe_adminlib.inc which is not properly sanitised before being returned to the user
Affected
TYPO3 versions before 4.0.9, 4.1.0 to 4.1.7 and 4.2.0
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References