It has been discovered that the extension powermail is susceptible to Cross Site Scripting (XSS) attacks.

More... (http://news.typo3.org/news/article/security-bulletin-typo3-20080505-2-cross-site-scripting-vulnerability-in-extension-powermail/)