5 matches found
CVE-2023-38500
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious...
CVE-2023-38500
The CVE-2023-38500 entry concerns TYPO3 HTML Sanitizer, a PHP-based HTML sanitizer. A vulnerability exists in versions 1.0.0 up to, but not including, 1.5.1 and 2.1.2, caused by an encoding issue in the serialization layer that could fail to properly encode malicious markup nested in a noscript e...
CVE-2023-38500 By-passing Cross-Site Scripting Protection in HTML Sanitizer
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious...
CVE-2023-38500 By-passing Cross-Site Scripting Protection in HTML Sanitizer
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious...
TYPO3 8.7.42 < 8.7.53 ELTS / 9.5.29 < 9.5.42 ELTS / 10.4.19 < 10.4.39 ELTS / 11.3.2 < 11.5.30 / 12.0.0 < 12.4.4 XSS (TYPO3-CORE-SA-2023-002)
The version of TYPO3 installed on the remote host is prior to 8.7.42 8.7.53 ELTS / 9.5.29 9.5.42 ELTS / 10.4.19 10.4.39 ELTS / 11.3.2 11.5.30 / 12.0.0 12.4.4. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2023-002 advisory. - Due to an encoding issue in the...