Suse has released security update for typo3-cms-4_7 to fix the vulnerabilities.
openSUSE Leap 42.1
Successful exploitation allows attacker to compromise the system.
Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory openSUSE-SU-2016:2114-1 to address this issue and obtain further details.
Following are links for downloading patches to fix the vulnerabilities: