It has been discovered that TYPO3 core is susceptible to two Cross Site Scripting (XSS) issues. The frontend plugin of system extension "felogin" and the backend module "file" are vulnerable.

More... (http://news.typo3.org/news/article/cross-site-scripting-vulnerabilities-in-typo3-core/)