It has been discovered that the extension "Front End User Registration" (sr_feuser_register) is vulnerable to Cross-Site Scripting.

More... (http://typo3.org/news/article/cross-site-scripting-vulnerability-in-extension-front-end-user-registration-sr-feuser-register/)