12 matches found
Cross site scripting
HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. In versions prior to 1.5.0 or 2.1.1, malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized due to a parsing issue in the...
CVE-2022-23499 Cross-Site Scripting Protection bypass in HTML Sanitizer
HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. In versions prior to 1.5.0 or 2.1.1, malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized due to a parsing issue in the...
CVE-2022-23499 Cross-Site Scripting Protection bypass in HTML Sanitizer
HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. In versions prior to 1.5.0 or 2.1.1, malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized due to a parsing issue in the...
GHSA-HVWX-QH2H-XCFJ TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting
Problem: Due to a parsing issue in the upstream package masterminds/html5, malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. Besides that, the upstream package...
TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting
Problem: Due to a parsing issue in the upstream package masterminds/html5, malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. Besides that, the upstream package...
PT-2022-16031 · Typo3 · Typo3/Html-Sanitizer
Name of the Vulnerable Software and Affected Versions: typo3/html-sanitizer versions prior to 1.5.0 or 2.1.1 Description: The HTML sanitizer is written in PHP and aims to provide XSS-safe markup based on explicitly allowed tags, attributes, and values. However, due to a parsing issue in the...
TYPO3 8.0.0 < 8.7.49 ELTS / 9.0.0 < 9.5.38 ELTS / 10.0.0 < 10.4.33 / 11.0.0 < 11.5.20 / 12.0.0 < 12.1.1 XSS (TYPO3-CORE-SA-2022-017)
The version of TYPO3 installed on the remote host is prior to 8.0.0 < 8.7.49 ELTS / 9.0.0 < 9.5.38 ELTS / 10.0.0 < 10.4.33 / 11.0.0 < 11.5.20 / 12.0.0 < 12.1.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2022-017 advisory. - Due to a parsing issue in the upstream packa...
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 5.7. Problem: Due to a parsing issue in upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows to by-pass the cross-site scripting mechanis...
Cross-site Scripting (XSS)
typo3/html-sanitizer is vulnerable to cross-site scripting. The vulnerability exists due to the vulnerable masterminds/html5 dependency used in composer.json, which does not properly sanitize the comment end bang state in the isCommentEnd function of Tokenizer.php, allowing an attacker to inject...
Cross site scripting
The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot...
CVE-2022-36020 Bypass of Cross-Site Scripting Protection in typo3/html-sanitizer
The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot...
CVE-2022-36020 Bypass of Cross-Site Scripting Protection in typo3/html-sanitizer
The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot...