PT-2022-28250 · Unknown +1 · Typo3/Html-Sanitizer +2

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 7.6.58 ELTS TYPO3 versions prior to 8.7.48 ELTS TYPO3 versions prior to 9.5.37 ELTS TYPO3 versions prior to 10.4.32 TYPO3 versions prior to 11.5.16 Description: A parsing issue in the upstream package masterminds/html5...

CVE-2022-36020 Bypass of Cross-Site Scripting Protection in typo3/html-sanitizer

The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot...