An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tbTc5LWpocW0tOWo1NM4AA3Hu
Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer
DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of
typo3/html-sanitizer versions 1.5.3 or 2.1.4 that fix the problem described.
Thanks to Yaniv Nizry and Niels Dossche who reported this issue, and to TYPO3 core & security team member Oliver Hader who fixed the issue.
Source: GitHub Advisory Database
Published: 14 days ago
Updated: 13 days ago
CVSS Score: 4.7
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-mm79-jhqm-9j54, CVE-2023-47125
Fixed in: 2.1.4, 1.5.3