typo3/html-sanitizer is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the CDATA and HTML raw text elements, allowing an attacker to inject and execute malicious JavaScript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | typo3/html-sanitizer | le | v2.1.0 |
| | typo3/html-sanitizer | le | v1.5.x-dev |
github.com/TYPO3/html-sanitizer/commit/385741b1f89a41e718748a773c85d0d3322bcefb
github.com/TYPO3/html-sanitizer/commit/f8b9c466a08fe4b7bd32b4b8dbde5cf7fbfa9956
github.com/TYPO3/html-sanitizer/pull/105
github.com/TYPO3/html-sanitizer/pull/106
github.com/TYPO3/html-sanitizer/security/advisories/GHSA-hvwx-qh2h-xcfj