typo3/html-sanitizer is vulnerable to cross-site scripting. The vulnerability exists due to the vulnerable masterminds/html5
dependency used in composer.json
, which does not properly sanitize the comment end bang state in the isCommentEnd
function of Tokenizer.php
, allowing an attacker to inject and execute malicious javascript.
github.com/Masterminds/html5-php/commit/c2aeec02bd2210dfd473370f6ad6ea9c6e4a46c4
github.com/Masterminds/html5-php/issues/217
github.com/Masterminds/html5-php/pull/218
github.com/TYPO3/html-sanitizer/commit/37f1d10d762cf8019594ff596d9207f7551001ad
github.com/TYPO3/html-sanitizer/commit/60bfdc7f9b394d0236e16ee4cea8372a7defa493
github.com/TYPO3/html-sanitizer/pull/86
github.com/TYPO3/html-sanitizer/pull/87
github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235
packagist.org/packages/masterminds/html5
packagist.org/packages/typo3/html-sanitizer