ExtJS charts.swf cross-site scripting


The ExtJS JavaScript framework that is shipped with TYPO3 also delivers a Flash file to show charts. This file is susceptible to cross-site scripting (XSS). The vulnerability can be exploited without any authentication.


Update to TYPO3 version 4.5.34, 4.7.19, 6.0.14, 6.1.9 or 6.2.3, which fix the problem described, or delete the file typo3/contrib/extjs/resources/charts.swf, as it is not used by TYPO3 at all.
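
Both remediation options above can be checked across several installations with a short script. The following is an added example, not part of the TYPO3 advisory: it lists every copy of the file at the path named above and classifies a version string against the fixed releases listed. The function names, the `--delete` flag and the directory passed as the first argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not TYPO3 code. Function names and the --delete flag are
# this example's own; the path and version numbers come from the advisory.
SWF_REL='typo3/contrib/extjs/resources/charts.swf'

# Print the first fixed release for the branch of version $1, or nothing
# when the advisory does not list that branch.
fixed_release_for() {
    case "$1" in
        4.5.*) echo 4.5.34 ;;
        4.7.*) echo 4.7.19 ;;
        6.0.*) echo 6.0.14 ;;
        6.1.*) echo 6.1.9 ;;
        6.2.*) echo 6.2.3 ;;
    esac
}

# Classify version $1 as "fixed", "needs-update" or "unlisted".
version_status() {
    fixed=$(fixed_release_for "$1")
    [ -n "$fixed" ] || { echo unlisted; return 0; }
    patch=${1##*.}
    case "$patch" in ''|*[!0-9]*) echo unlisted; return 0 ;; esac
    if [ "$patch" -ge "${fixed##*.}" ]; then echo fixed; else echo needs-update; fi
}

# List every charts.swf at the advisory's path below directory $1.
find_charts_swf() {
    find "$1" -type f -path "*/$SWF_REL" 2>/dev/null
}

# Delete each match (the advisory states TYPO3 does not use the file)
# and print what was removed.
remove_charts_swf() {
    find_charts_swf "$1" | while IFS= read -r f; do
        rm -f -- "$f" && echo "removed $f"
    done
}

# Usage: sh <script> <directory> [--delete]
if [ -n "${1:-}" ]; then
    if [ "${2:-}" = "--delete" ]; then
        remove_charts_swf "$1"
    else
        find_charts_swf "$1"
    fi
fi
```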