Lucene search
K

13 matches found

Vulnrichment
Vulnrichment
added 2026/06/08 7:4 p.m.8 views

CVE-2026-47345 TYPO3 HTML Sanitizer allows Cross-Site Scripting

Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2...

5.1CVSS5.2AI score0.00366EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 7:4 p.m.22 views

CVE-2026-47345

The CVE-2026-47345 issue affects the TYPO3 html-sanitizer component prior to version 2.3.2, where namespace attributes are not encoded correctly during HTML serialization, enabling bypass of the built-in XSS prevention. The underlying impact is a cross-site scripting risk in affected TYPO3 deploy...

5.1CVSS5.2AI score0.00366EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:4 p.m.6 views

CVE-2026-47345

Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2...

5.1CVSS5.2AI score0.00366EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:3 p.m.6 views

CVE-2026-47344

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1CVSS5.2AI score0.00282EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/08 7:3 p.m.33 views

CVE-2026-47344 TYPO3 HTML Sanitizer allows Cross-Site Scripting

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1CVSS0.00282EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.11 views

PT-2026-47448

Name of the Vulnerable Software and Affected Versions typo3/html-sanitizer versions prior to 2.3.2 Description When the ALLOW INSECURE RAW TEXT setting is enabled, the sanitizer fails to recognize closing tags containing whitespace variants, such as . Because browsers interpret these as valid end...

2.1CVSS4.9AI score0.00282EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-6685

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00633EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/05/23 2:24 a.m.10 views

CVE-2023-38500

TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious...

6.1CVSS6AI score0.0043EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:11 a.m.5 views

CVE-2022-36020

The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot...

6.1CVSS5.9AI score0.00633EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2023/07/25 9:15 p.m.107 views

CVE-2023-38500

TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious...

6.1CVSS6.3AI score0.0043EPSS
Exploits0References4
Veracode
Veracode
added 2022/09/16 4:12 a.m.14 views

Cross-Site Scripting (XSS)

typo3/cms and typo3/html-sanitizer are vulnerable to cross-site scripting. The vulnerability exists due to the vulnerable typo3/html-sanitize dependency used in composer.json, which does not properly sanitize sequences with special HTML comments, allowing an attacker to inject and execute malicio...

1.4AI score
Exploits0
NVD
NVD
added 2022/09/13 5:15 p.m.47 views

CVE-2022-36020

The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot...

6.1CVSS0.00633EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/09/13 4:55 p.m.2 views

CVE-2022-36020 Bypass of Cross-Site Scripting Protection in typo3/html-sanitizer

The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot...

6.1CVSS6AI score0.00633EPSS
Exploits0References4
Rows per page
Query Builder