CVSS3: 6.1 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score: 6.1 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 31.1%)
typo3/html-sanitizer is vulnerable to Cross-site Scripting (XSS). An attacker can bypass the cross-site scripting prevention mechanisms with a specially crafted URL or form submission and inject malicious code into a vulnerable TYPO3 website. The malicious code is then executed when other users view the URL or submit the form on the vulnerable website.
Name | Operator | Version |
---|---|---|
typo3/html-sanitizer | le | v1.5.2 |
typo3/html-sanitizer | le | v2.1.3 |
github.com/advisories/GHSA-mm79-jhqm-9j54
github.com/Masterminds/html5-php/issues/241
github.com/TYPO3/html-sanitizer/commit/b8f90717251d968c49dc77f8c1e5912e2fbe0dff
github.com/TYPO3/html-sanitizer/commit/cead6b60be7122c9e6bdc40f702ca8b5980abca4
github.com/TYPO3/html-sanitizer/security/advisories/GHSA-mm79-jhqm-9j54
typo3.org/security/advisory/typo3-core-sa-2023-007