GHSA-mm79-jhqm-9j54: Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer

CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (4.4)

Problem

DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer.

Solution

Update to typo3/html-sanitizer versions 1.5.3 or 2.1.4 that fix the problem described.

Credits

Thanks to Yaniv Nizry and Niels Dossche who reported this issue, and to TYPO3 core & security team member Oliver Hader who fixed the issue.

Moderate severity • GitHub Reviewed • Published Nov 14, 2023 in TYPO3/html-sanitizer • Updated Nov 14, 2023

Package

typo3/html-sanitizer (Composer)

Affected versions

>= 1.0.0, <= 1.5.2

>= 2.0.0, <= 2.1.3

Patched versions

1.5.3

2.1.4
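
A check for the affected ranges listed above, as an added example that is not part of the advisory or the TYPO3 project's code: it reads a `composer.lock` and flags installed `typo3/html-sanitizer` versions that fall inside those ranges. The sample lock content and the `parse_version` and `check_lock` names are constructed for illustration.

```python
import json
import re

PACKAGE = "typo3/html-sanitizer"
# Affected ranges from the advisory (inclusive bounds) and the fix per major line.
AFFECTED = [((1, 0, 0), (1, 5, 2)), ((2, 0, 0), (2, 1, 3))]
FIXED = {1: "1.5.3", 2: "2.1.4"}


def parse_version(raw):
    """Return (major, minor, patch) for tags like 'v2.1.3'; None for anything else."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def check_lock(lock_text):
    """Return (section, version, status, advice) for each locked sanitizer entry."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() != PACKAGE:
                continue
            raw = pkg.get("version", "")
            ver = parse_version(raw)
            if ver is None:
                # Branch aliases such as 'dev-main' cannot be compared to the ranges.
                findings.append((section, raw, "unknown", "pin a tagged release and re-check"))
            elif any(lo <= ver <= hi for lo, hi in AFFECTED):
                findings.append((section, raw, "affected", f"update to {FIXED[ver[0]]}"))
            else:
                findings.append((section, raw, "not affected", ""))
    return findings


# Constructed sample composer.lock content (not taken from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "typo3/html-sanitizer", "version": "v2.1.3"},
        {"name": "example/unrelated-package", "version": "1.0.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for section, raw, status, advice in check_lock(SAMPLE_LOCK):
        print(f"{PACKAGE} {raw} [{section}]: {status} {advice}".rstrip())
```

To check a real project, pass the contents of its `composer.lock` to `check_lock` instead of `SAMPLE_LOCK`.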

References

  • TYPO3-CORE-SA-2023-007
  • Disclosure & PoC (embargoed +90 days)
  • GHSA-mm79-jhqm-9j54

Published to the GitHub Advisory Database: Nov 14, 2023

Last updated: Nov 14, 2023

Related news

CVE-2023-47125: By-passing Cross-Site Scripting Protection in HTML Sanitizer

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
