ExtJS charts.swf cross site scripting

Description

The ExtJS JavaScript framework that is shipped with TYPO3 also delivers a flash file to show charts. This file is susceptible to cross site scripting (XSS). This vulnerability can be exploited without any authentication.

Remediation

Update to TYPO3 versions 4.5.34, 4.7.19, 6.0.14, 6.1.9 or 6.2.3 that fix the problem described or delete the file typo3/contrib/extjs/resources/charts.swf as it is not used by TYPO3 at all.

References
Severity
Classification
Tags
  • XSS