It has been discovered that the extension "KJ: Image Lightbox v2" (kj_imagelightbox2) is susceptible to Cross Site Scripting (XSS) attacks.

More... (http://news.typo3.org/news/article/security-bulletin-typo3-20080515-1-multiple-vulnerabilities-in-extension-frontend-user-registration-1/)