Lucene search
K

4 matches found

GithubExploit
GithubExploit
added 2026/01/23 11:13 a.m.251 views

Exploit for Cross-site Scripting in Typo3 Html_Sanitizer

Stored XSS exploit in TYPO3 HTML Sanitizer CVE-...

6.1CVSS5AI score0.00574EPSS
Exploits1
Cvelist
Cvelist
added 2023/11/14 8:7 p.m.30 views

CVE-2023-47125 By-passing Cross-Site Scripting Protection in HTML Sanitizer

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...

4.7CVSS6.2AI score0.00574EPSS
Exploits1References3
CVE
CVE
added 2023/11/14 8:7 p.m.93 views

CVE-2023-47125

CVE-2023-47125 affects TYPO3’s html-sanitizer: DOM processing instructions are not handled correctly, allowing bypass of the built-in XSS protection. Affected TYPO3/core-html-sanitizer versions are mitigated by upgrading to 1.5.3 or 2.1.4, which fix the issue. The vulnerability arises in the sani...

6.1CVSS5.1AI score0.00574EPSS
Exploits1References3Affected Software2
Tenable Nessus
Tenable Nessus
added 2023/11/14 12:0 a.m.28 views

TYPO3 8.7.42 < 8.7.55 ELTS / 9.5.29 < 9.5.44 ELTS / 10.4.19 < 10.4.41 ELTS / 11.3.2 < 11.5.33 / 12.0.0 < 12.4.8 XSS (TYPO3-CORE-SA-2023-007)

The version of TYPO3 installed on the remote host is prior to 8.7.42 8.7.55 ELTS / 9.5.29 9.5.44 ELTS / 10.4.19 10.4.41 ELTS / 11.3.2 11.5.33 / 12.0.0 12.4.8. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2023-007 advisory. - DOM processing instructions are not...

6.1CVSS6.3AI score0.00574EPSS
Exploits1References2
Rows per page
Query Builder