Headline
GHSA-mm79-jhqm-9j54: Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (4.4)
Problem
DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer.
Solution
Update to typo3/html-sanitizer versions 1.5.3 or 2.1.4 that fix the problem described.
Credits
Thanks to Yaniv Nizry and Niels Dossche who reported this issue, and to TYPO3 core & security team member Oliver Hader who fixed the issue.
References
- TYPO3-CORE-SA-2023-007
- Disclosure & PoC (embargoed +90 days)
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2023-47125
Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer
Moderate severity GitHub Reviewed Published Nov 14, 2023 in TYPO3/html-sanitizer • Updated Nov 14, 2023
Package
typo3/html-sanitizer (Composer)
Affected versions
>= 1.0.0, <= 1.5.2
>= 2.0.0, <= 2.1.3
Patched versions
1.5.3
2.1.4
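To check whether a project has locked one of the affected releases, the version ranges above can be compared against `composer.lock`. The script below is an added example, not part of the advisory or the TYPO3 project; the function names and the sample lock content are constructed for illustration.

```python
import json
import re

PACKAGE = "typo3/html-sanitizer"
# (lowest affected, highest affected, fixed release), as listed in this advisory.
AFFECTED = [((1, 0, 0), (1, 5, 2), "1.5.3"), ((2, 0, 0), (2, 1, 3), "2.1.4")]


def parse_version(raw):
    """Return (major, minor, patch) for a stable x.y.z version, else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def check_lock(lock_text):
    """Return (status, detail) for the text of a composer.lock file."""
    lock = json.loads(lock_text)
    # Composer records runtime and dev dependencies in separate arrays.
    packages = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    for pkg in packages:
        if pkg.get("name", "").lower() != PACKAGE:
            continue
        raw = pkg.get("version", "")
        version = parse_version(raw)
        if version is None:
            # Branch aliases such as dev-main cannot be range-compared.
            return ("unknown", f"{raw}: not a stable x.y.z version, verify manually")
        for low, high, fixed in AFFECTED:
            if low <= version <= high:
                return ("affected", f"{raw}: fixed in {fixed}")
        return ("ok", f"{raw}: outside the affected ranges")
    return ("absent", f"{PACKAGE} is not locked")


# Constructed sample lock content (not taken from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "typo3/cms-core", "version": "v11.5.30"},
        {"name": "typo3/html-sanitizer", "version": "v2.1.3"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

Pass the contents of a real `composer.lock` to `check_lock` to audit a project; the `unknown` status covers branch and pre-release versions that need a manual look.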
References
- GHSA-mm79-jhqm-9j54
Published to the GitHub Advisory Database: Nov 14, 2023
Last updated: Nov 14, 2023
Related news
TYPO3 is an open source PHP-based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.