Tedi discount fixes some XSS issues

“Tedi” is a big discount retailer in Germany (about 1300 shops). Like every normal company, “Tedi” maintains a website where it informs its customers about, for example, the newest offers and opening hours.

“TEDi GmbH & Co. KG” uses Typo3, which is pretty solid, as its content management system. However, they used a third-party extension for the newsletter that was prone to XSS.

We contacted the company on the 23rd of March 2013 and received positive feedback just a couple of days later. It took them about two weeks to fix the issue, and we are happy with that.

The team of internetwache.org


Screenshot of the Cross-Site Scripting vuln