Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:15 a.m.7 views

CVE-2022-23499

HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. In versions prior to 1.5.0 or 2.1.1, malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized due to a parsing issue in the...

6.1CVSS5.7AI score0.00438EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/12/17 12:0 a.m.33 views

FreeBSD : typo3 -- multiple vulnerabilities (d9e154c9-7de9-11ed-adca-080027d3a315)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d9e154c9-7de9-11ed-adca-080027d3a315 advisory. - HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly...

8.8CVSS5.8AI score0.00785EPSS
Exploits0References8
Cvelist
Cvelist
added 2022/12/13 8:29 p.m.51 views

CVE-2022-23499 Cross-Site Scripting Protection bypass in HTML Sanitizer

HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. In versions prior to 1.5.0 or 2.1.1, malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized due to a parsing issue in the...

6.1CVSS6.3AI score0.00438EPSS
Exploits0References1
CVE
CVE
added 2022/12/13 8:29 p.m.121 views

CVE-2022-23499

CVE-2022-23499 describes a cross-site scripting protection bypass in TYPO3’s HTML sanitizer. The root cause is a parsing issue in the upstream masterminds/html5 library, which allows certain HTML CDATA sequences and raw text elements (script, style, noframes, noembed, iframe) to bypass the saniti...

6.1CVSS6AI score0.00438EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/12/13 12:0 a.m.21 views

TYPO3 8.0.0 < 8.7.49 ELTS / 9.0.0 < 9.5.38 ELTS / 10.0.0 < 10.4.33 / 11.0.0 < 11.5.20 / 12.0.0 < 12.1.1 XSS (TYPO3-CORE-SA-2022-017)

The version of TYPO3 installed on the remote host is prior to 8.0.0 8.7.49 ELTS / 9.0.0 9.5.38 ELTS / 10.0.0 10.4.33 / 11.0.0 11.5.20 / 12.0.0 12.1.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2022-017 advisory. - Due to a parsing issue in the upstream packa...

6.1CVSS5.4AI score0.00438EPSS
Exploits0References2
Rows per page
Query Builder