CVE-2026-47345
- EPSS 0.37%
- Veröffentlicht 08.06.2026 19:04:08
- Zuletzt bearbeitet 09.06.2026 13:46:50
Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.
CVE-2026-47344
- EPSS 0.28%
- Veröffentlicht 08.06.2026 19:03:19
- Zuletzt bearbeitet 09.06.2026 13:46:50
When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the ...
CVE-2023-47125
- EPSS 0.57%
- Veröffentlicht 14.11.2023 20:15:07
- Zuletzt bearbeitet 21.11.2024 08:29:49
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. ...
CVE-2023-38500
- EPSS 0.43%
- Veröffentlicht 25.07.2023 21:15:11
- Zuletzt bearbeitet 21.11.2024 08:13:42
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding...
CVE-2022-23499
- EPSS 0.44%
- Veröffentlicht 13.12.2022 21:15:11
- Zuletzt bearbeitet 21.11.2024 06:48:41
HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. In versions prior to 1.5.0 or 2.1.1, malicious markup used in a sequence with special HTML CDATA sections cannot be filtered...
CVE-2022-36020
- EPSS 0.63%
- Veröffentlicht 13.09.2022 17:15:08
- Zuletzt bearbeitet 21.11.2024 07:12:11
The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious markup use...