This bug is now officially announced as "TYPO3 Security Bulletin TYPO3-20081113-2: Cross-Site Scripting vulnerability in TYPO3 Core"
See this url for more information: http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/ -- MfG, Christian Welzel GPG-Key: http://www.camlann.de/key.asc Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]