It has been discovered that the extension "wfGallery" (wf_gallery) is susceptible to Cross-Site Scripting.

More... (http://www.typo3.org/news/article/cross-site-scripting-vulnerability-in-wfgallery-wf-gallery/)