VYPR
Moderate severityNVD Advisory· Published Nov 14, 2023· Updated Aug 29, 2024

By-passing Cross-Site Scripting Protection in HTML Sanitizer

CVE-2023-47125

Description

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
typo3/html-sanitizerPackagist
>= 1.0.0, < 1.5.31.5.3
typo3/html-sanitizerPackagist
>= 2.0.0, < 2.1.42.1.4

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.