Cross-Site Scripting (XSS)

typo3/html-sanitizer is vulnerable to Cross-Site Scripting XSS. The vulnerability exists because a malicious text embedded in a noscript element was not encoded appropriately due to a serialization layer encoding bug, which allows an attacker to inject and execute arbitrary JavaScript when noscri...