ExtJS charts.swf cross site scripting

Description
  • The ExtJS JavaScript framework that is shipped with TYPO3 also delivers a flash file to show charts. This file is susceptible to cross site scripting (XSS). This vulnerability can be exploited without any authentication.
Remediation
  • Update to TYPO3 versions 4.5.34, 4.7.19, 6.0.14, 6.1.9 or 6.2.3 that fix the problem described or delete the file typo3/contrib/extjs/resources/charts.swf as it is not used by TYPO3 at all.
References