Markus Pieton and Vytautas Paulikas discovered that the embedded video and audio player in the TYPO3 web content management system is suspectible to cross-site-scripting.