Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:37023
HistorySep 14, 2022 - 6:11 a.m.

Cross-site Scripting (XSS)

2022-09-1406:11:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
xss
html-sanitizer
vulnerability
masterminds/html5
composer.json
tokenizer.php
javascript

EPSS

0.001

Percentile

47.8%

JSON

typo3/html-sanitizer is vulnerable to cross-site scripting. The vulnerability exists due to the vulnerable masterminds/html5 dependency used in composer.json, which does not properly sanitize the comment end bang state in the isCommentEnd function of Tokenizer.php, allowing an attacker to inject and execute malicious javascript.

Related

prion 1
friendsofphp 3
github 1
osv 2
cvelist 1
cve 1
openvas 1
nvd 1
prion
prion
Cross site scripting
2022-09-13 17:15:00
friendsofphp
friendsofphp
TYPO3-CORE-SA-2022-011: By-passing Cross-Site Scripting Protection in HTML Sanitizer
2022-09-13 08:07:02
GHSA-47m6-46mj-p235: By-passing Cross-Site Scripting Protection in HTML Sanitizer
2022-09-13 07:28:57
TYPO3-CORE-SA-2022-011: By-passing Cross-Site Scripting Protection in HTML Sanitizer
2022-09-13 08:07:02
github
github
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
2022-09-16 18:50:12
osv
osv
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
2022-09-16 18:50:12
CVE-2022-36020
2022-09-13 17:15:08
cvelist
cvelist
CVE-2022-36020 Bypass of Cross-Site Scripting Protection in typo3/html-sanitizer
2022-09-13 16:55:10
cve
cve
CVE-2022-36020
2022-09-13 17:15:08
openvas
openvas
TYPO3 XSS Vulnerability (TYPO3-CORE-SA-2022-011)
2022-12-15 00:00:00
nvd
nvd
CVE-2022-36020
2022-09-13 17:15:08

EPSS

0.001

Percentile

47.8%

JSON
Related for VERACODE:37023
prion1friendsofphp3github1osv2cvelist1cve1openvas1nvd1