=====================================================================
                                    CERT-Renater

                         Information Note No. 2008/VULN264
_____________________________________________________________________

DATE                      : 01/07/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running the WEC Discussion Forum
                              extension for TYPO3.

======================================================================
http://typo3.org/teams/security/security-bulletins/typo3-20080701-4/
______________________________________________________________________

TYPO3 Security Bulletin TYPO3-20080701-4: Multiple vulnerabilities in 
extension WEC Discussion Forum (wec_discussion)

Component Type: Third party extension. This extension is not a part of 
the TYPO3 default installation.

Affected Versions: Version 1.6.2 and all versions below

Vulnerability Type: Arbitrary Code Execution, Cross Site Scripting

Severity: Medium

Problem Description: Because the extension fails to validate certain file 
types, it is possible to execute arbitrary code. Because it also fails to 
filter user input, the extension is susceptible to Cross Site Scripting 
(XSS) in multiple places, making it possible to execute arbitrary 
JavaScript.

Solution: An updated version 1.6.3 is available from the TYPO3 extension 
manager and at 
http://typo3.org/extensions/repository/view/wec_discussion/1.6.3/. Users 
of the extension are advised to update the extension as soon as possible.

General advice: Follow the recommendations that are given in the TYPO3 
Security Cookbook. Please subscribe to the typo3-announce mailing list 
to receive future Security Bulletins via E-mail.

Credits: Credits go to Markus Angerer, who discovered one of the issues. 
Furthermore, the TYPO3 Security Team wishes to thank the extension author 
Dave Slayback for fixing the issues.

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================
