News
The TYPO3 community today announced maintenance releases that contain bug and security fixes for the open source TYPO3 Enterprise CMS. The versions — TYPO3 6.2.18 LTS and TYPO3 7.6.3 LTS — include four updates and fixes.
Inside the Updates
The first, authored by Nicole Cordes, revealed that TYPO3 is susceptible to SQL (Structured Query Language) Injection, when hackers attack data-driven applications with malicious SQL statements through an entry field. The affected versions include 6.2.0 to 6.2.17. "A flaw in the database escaping API results in a SQL injection vulnerability when extension dbal (Database Extraction Layer) is enabled and configured for MySQL pass-through mode in its extension configuration," Cordes wrote.
The second, authored by Helmut Hummel, found that TYPO3 is susceptible to Cross-Site scripting (XSS) in link validator component, when attackers inject client-side script into web pages viewed by other users. Affected versions include 6.2.0 to 6.2.17 and 7.6.0 to 7.6.2. Hummel notes a failure here to "sanitize content from editors," and hence, the link validator component is susceptible to Cross-Site scripting. "A valid editor account with access to content which is scanned by the link validator component is required to exploit this vulnerability," Hummel wrote.
The third, also authored by Hummel, again relates to Cross-Site scripting but is specific to versions 6.2.0 to 6.2.17 and specifically affects the legacy form component vs. link validator. "A valid editor account with access to a form content element is required to exploit this vulnerability," Hummel wrote.
The fourth and final update also included Cross-Site scripting, this time in form component. It affected versions 6.2.0 to 6.2.17. "Failing to sanitize content from unauthenticated website visitors, the form component is susceptible to Cross-Site scripting," according to TYPO3 officials.
Learning Opportunities
Webinar
May
30
ChatGPT and the Future of Conversational AI
This discussion explores various aspects of AI implementation, ethical considerations, and challenges for your organization.
Webinar
May
31
The Evolution of Employee Listening - 2023 Trends & Best Practices
Learn proven effective methods and solutions to supporting an inspirational future of Employee Voice
Webinar
Jun
1
How organizations can design, build and run Generative AI into the Customer Experience
Discover how to drive enhanced CX through Generative AI
Webinar
Jun
6
The Future of Social Media: Emerging Trends and How to Stay Ahead of the Curve
The impact of emerging technologies like AI on social media
Webinar
Jun
7
The Building Blocks of Personalization
This webinar will explore how personalization can create powerful ecommerce shopping experience.
Webinar
Jun
13
The Future of Contact Centers with AI at the Helm
Learn how to balance human intuition and interaction with the potential uses of AI to create delightful and lasting CX
Webinar
May
30
ChatGPT and the Future of Conversational AI
This discussion explores various aspects of AI implementation, ethical considerations, and challenges for your organization.
Webinar
May
31
The Evolution of Employee Listening - 2023 Trends & Best Practices
Learn proven effective methods and solutions to supporting an inspirational future of Employee Voice
The last release TYPO3 came in November, according to the community's news releases.
The new version of TYPO3 CMS 7 LTS included a redesigned, modernized interface that had been equipped with uniform color and descriptions and developed in responsive design. Officials also announced then functionality for image processing was integrated into TYPO3.
According to BuiltWith.com, more than 417,000 websites globally are powered by TYPO3, well behind big guns like WordPress (16,010,763 websites), Joomla! (2,655,626 websites) and Drupal (756,194 websites).
Have a tip to share with our editorial team? Drop us a line:
