Lucene search
Veracode Vulnerability DatabaseVERACODE:38467HistoryDec 14, 2022 - 4:54 a.m.
Cross-site Scripting (XSS)
2022-12-1404:54:30
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
xss
typo3
html-sanitizer
cdata
javascript
0.001 Low
EPSS
Percentile
36.5%
typo3/html-sanitizer is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the CDATA and HTML raw text elements, allowing an attacker to inject and execute malicious JavaScript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| typo3/html-sanitizer | le | v2.1.0 | |
| typo3/html-sanitizer | le | v1.5.x-dev | |
| typo3/html-sanitizer | le | v2.1.0 | |
| typo3/html-sanitizer | le | v1.5.x-dev |
References
github.com/TYPO3/html-sanitizer/commit/385741b1f89a41e718748a773c85d0d3322bcefb
github.com/TYPO3/html-sanitizer/commit/f8b9c466a08fe4b7bd32b4b8dbde5cf7fbfa9956
github.com/TYPO3/html-sanitizer/pull/105
github.com/TYPO3/html-sanitizer/pull/106
github.com/TYPO3/html-sanitizer/security/advisories/GHSA-hvwx-qh2h-xcfj
Related
osv
osv
TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting
2022-12-13 16:59:12
CVE-2022-23499
2022-12-13 21:15:11
nessus
nessus
friendsofphp
friendsofphp
nvd
nvd
CVE-2022-23499
2022-12-13 21:15:11
cve
cve
CVE-2022-23499
2022-12-13 21:15:11
prion
prion
Cross site scripting
2022-12-13 21:15:00
openvas
openvas
TYPO3 XSS Vulnerability (TYPO3-CORE-SA-2022-017)
2022-12-14 00:00:00
cvelist
cvelist
CVE-2022-23499 Cross-Site Scripting Protection bypass in HTML Sanitizer
2022-12-13 20:29:41
github
github
TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting
2022-12-13 16:59:12
freebsd
freebsd
typo3 -- multiple vulnerabilities
2022-12-13 00:00:00