4 matches found
Exploit for Cross-site Scripting in Typo3 Html_Sanitizer
Stored XSS exploit in TYPO3 HTML Sanitizer CVE-...
CVE-2023-47125 By-passing Cross-Site Scripting Protection in HTML Sanitizer
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...
CVE-2023-47125
CVE-2023-47125 affects TYPO3’s html-sanitizer: DOM processing instructions are not handled correctly, allowing bypass of the built-in XSS protection. Affected TYPO3/core-html-sanitizer versions are mitigated by upgrading to 1.5.3 or 2.1.4, which fix the issue. The vulnerability arises in the sani...
TYPO3 8.7.42 < 8.7.55 ELTS / 9.5.29 < 9.5.44 ELTS / 10.4.19 < 10.4.41 ELTS / 11.3.2 < 11.5.33 / 12.0.0 < 12.4.8 XSS (TYPO3-CORE-SA-2023-007)
The version of TYPO3 installed on the remote host is prior to 8.7.42 8.7.55 ELTS / 9.5.29 9.5.44 ELTS / 10.4.19 10.4.41 ELTS / 11.3.2 11.5.33 / 12.0.0 12.4.8. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2023-007 advisory. - DOM processing instructions are not...