Multiple vulnerabilities has been found. Incorrect handling of input from GET/POST-variables, and allowing an attacker to execute XSS and/or SQL Injection attacks.

More... (http://news.typo3.org/news/article/typo3-security-bulletin-typo3-20070712-1-multiple-vulnerabilities-in-civserv/)