It has been discovered that TYPO3 Core is vulnerable to Information Disclosure and Cross-Site Scripting.

More... (http://news.typo3.org/news/article/information-disclosure-xss-in-typo3-core/)