3 matches found
CVE-2022-36020
The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot...
CVE-2022-36020 Bypass of Cross-Site Scripting Protection in typo3/html-sanitizer
The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot...
CVE-2022-36020
CVE-2022-36020 affects the TYPO3 HTML sanitizer package (typo3/html-sanitizer). A parsing issue in the upstream masterminds/html5 can fail to filter a sequence of malicious markup with specific HTML comments, bypassing the built-in XSS protection. Affected versions have been fixed in typo3/html-s...