It has been discovered that the TYPO3 Core is vulnerable to Cross-site scripting, SQL-Injection, Remote shell command execution, Information Disclosure and insecure Install Tool...

More... (http://news.typo3.org/news/article/multiple-security-issues-found-in-typo3-core-1/)