Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/typo3/html-sanitizer@2.0.4
Typecomposer
Namespacetypo3
Namehtml-sanitizer
Version2.0.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.1.4
Latest_non_vulnerable_version2.1.4
Affected_by_vulnerabilities
0
url VCID-1yxw-saf5-wue7
vulnerability_id VCID-1yxw-saf5-wue7
summary 
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7)

### Problem
Due to a parsing issue in upstream package [`masterminds/html5`](https://packagist.org/packages/masterminds/html5), malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows to by-pass the cross-site scripting mechanism of `typo3/html-sanitizer`.

### Solution
Update to `typo3/html-sanitizer` versions 1.0.7 or 2.0.16 that fix the problem described.

### Credits
Thanks to David Klein who reported this issue, and to TYPO3 security team member Oliver Hader who fixed the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36020
reference_id
reference_type
scores
0
value 0.00318
scoring_system epss
scoring_elements 0.54867
published_at 2026-04-12T12:55:00Z
1
value 0.00318
scoring_system epss
scoring_elements 0.54857
published_at 2026-04-26T12:55:00Z
2
value 0.00318
scoring_system epss
scoring_elements 0.54837
published_at 2026-04-24T12:55:00Z
3
value 0.00318
scoring_system epss
scoring_elements 0.54863
published_at 2026-04-21T12:55:00Z
4
value 0.00318
scoring_system epss
scoring_elements 0.54883
published_at 2026-04-18T12:55:00Z
5
value 0.00318
scoring_system epss
scoring_elements 0.54881
published_at 2026-04-16T12:55:00Z
6
value 0.00318
scoring_system epss
scoring_elements 0.54843
published_at 2026-04-13T12:55:00Z
7
value 0.00318
scoring_system epss
scoring_elements 0.54832
published_at 2026-04-29T12:55:00Z
8
value 0.00318
scoring_system epss
scoring_elements 0.54856
published_at 2026-04-04T12:55:00Z
9
value 0.00318
scoring_system epss
scoring_elements 0.54825
published_at 2026-04-07T12:55:00Z
10
value 0.00318
scoring_system epss
scoring_elements 0.54875
published_at 2026-04-08T12:55:00Z
11
value 0.00318
scoring_system epss
scoring_elements 0.54872
published_at 2026-04-09T12:55:00Z
12
value 0.00318
scoring_system epss
scoring_elements 0.54884
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36020
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36020.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36020.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36020.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36020.yaml
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/html-sanitizer/CVE-2022-36020.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/html-sanitizer/CVE-2022-36020.yaml
4
reference_url https://github.com/TYPO3/html-sanitizer
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/html-sanitizer
5
reference_url https://github.com/TYPO3/html-sanitizer/commit/60bfdc7f9b394d0236e16ee4cea8372a7defa493
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:57Z/
url https://github.com/TYPO3/html-sanitizer/commit/60bfdc7f9b394d0236e16ee4cea8372a7defa493
6
reference_url https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:57Z/
url https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36020
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36020
8
reference_url https://packagist.org/packages/masterminds/html5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:57Z/
url https://packagist.org/packages/masterminds/html5
9
reference_url https://packagist.org/packages/typo3/html-sanitizer
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:57Z/
url https://packagist.org/packages/typo3/html-sanitizer
10
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-011
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-011
11
reference_url https://github.com/advisories/GHSA-47m6-46mj-p235
reference_id GHSA-47m6-46mj-p235
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-47m6-46mj-p235
fixed_packages
0
url pkg:composer/typo3/html-sanitizer@2.0.16
purl pkg:composer/typo3/html-sanitizer@2.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jm95-52f4-mqfe
1
vulnerability VCID-ntv8-t4pv-hfa6
2
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.16
aliases CVE-2022-36020, GHSA-47m6-46mj-p235
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1yxw-saf5-wue7
1
url VCID-jm95-52f4-mqfe
vulnerability_id VCID-jm95-52f4-mqfe
summary 
Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-47125
reference_id
reference_type
scores
0
value 0.00484
scoring_system epss
scoring_elements 0.65291
published_at 2026-04-08T12:55:00Z
1
value 0.00484
scoring_system epss
scoring_elements 0.6525
published_at 2026-04-02T12:55:00Z
2
value 0.00484
scoring_system epss
scoring_elements 0.65281
published_at 2026-04-13T12:55:00Z
3
value 0.00484
scoring_system epss
scoring_elements 0.65309
published_at 2026-04-12T12:55:00Z
4
value 0.00484
scoring_system epss
scoring_elements 0.65321
published_at 2026-04-11T12:55:00Z
5
value 0.00484
scoring_system epss
scoring_elements 0.65276
published_at 2026-04-04T12:55:00Z
6
value 0.00484
scoring_system epss
scoring_elements 0.65241
published_at 2026-04-07T12:55:00Z
7
value 0.00484
scoring_system epss
scoring_elements 0.65303
published_at 2026-04-09T12:55:00Z
8
value 0.00484
scoring_system epss
scoring_elements 0.65322
published_at 2026-04-24T12:55:00Z
9
value 0.00484
scoring_system epss
scoring_elements 0.65308
published_at 2026-04-21T12:55:00Z
10
value 0.00484
scoring_system epss
scoring_elements 0.65325
published_at 2026-04-18T12:55:00Z
11
value 0.00484
scoring_system epss
scoring_elements 0.65315
published_at 2026-04-16T12:55:00Z
12
value 0.00563
scoring_system epss
scoring_elements 0.68441
published_at 2026-04-26T12:55:00Z
13
value 0.00563
scoring_system epss
scoring_elements 0.68445
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-47125
1
reference_url https://github.com/TYPO3/html-sanitizer
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/html-sanitizer
2
reference_url https://github.com/TYPO3/html-sanitizer/commit/b8f90717251d968c49dc77f8c1e5912e2fbe0dff
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:25:20Z/
url https://github.com/TYPO3/html-sanitizer/commit/b8f90717251d968c49dc77f8c1e5912e2fbe0dff
3
reference_url https://typo3.org/security/advisory/typo3-core-sa-2023-007
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:25:20Z/
url https://typo3.org/security/advisory/typo3-core-sa-2023-007
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-47125
reference_id CVE-2023-47125
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-47125
5
reference_url https://github.com/advisories/GHSA-mm79-jhqm-9j54
reference_id GHSA-mm79-jhqm-9j54
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mm79-jhqm-9j54
6
reference_url https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-mm79-jhqm-9j54
reference_id GHSA-mm79-jhqm-9j54
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:25:20Z/
url https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-mm79-jhqm-9j54
fixed_packages
0
url pkg:composer/typo3/html-sanitizer@2.1.4
purl pkg:composer/typo3/html-sanitizer@2.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.1.4
aliases CVE-2023-47125, GHSA-mm79-jhqm-9j54
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jm95-52f4-mqfe
2
url VCID-ntv8-t4pv-hfa6
vulnerability_id VCID-ntv8-t4pv-hfa6
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious markup nested in a `noscript` element was not encoded correctly. `noscript` is disabled in the default configuration, but might have been enabled in custom scenarios. This allows bypassing the cross-site scripting mechanism of TYPO3 HTML Sanitizer. Versions 1.5.1 and 2.1.2 fix the problem.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38500
reference_id
reference_type
scores
0
value 0.00341
scoring_system epss
scoring_elements 0.56798
published_at 2026-04-07T12:55:00Z
1
value 0.00341
scoring_system epss
scoring_elements 0.56862
published_at 2026-04-11T12:55:00Z
2
value 0.00341
scoring_system epss
scoring_elements 0.56854
published_at 2026-04-09T12:55:00Z
3
value 0.00341
scoring_system epss
scoring_elements 0.56802
published_at 2026-04-02T12:55:00Z
4
value 0.00341
scoring_system epss
scoring_elements 0.5685
published_at 2026-04-08T12:55:00Z
5
value 0.00341
scoring_system epss
scoring_elements 0.56822
published_at 2026-04-04T12:55:00Z
6
value 0.00341
scoring_system epss
scoring_elements 0.56848
published_at 2026-04-18T12:55:00Z
7
value 0.00341
scoring_system epss
scoring_elements 0.56851
published_at 2026-04-16T12:55:00Z
8
value 0.00341
scoring_system epss
scoring_elements 0.5682
published_at 2026-04-13T12:55:00Z
9
value 0.00341
scoring_system epss
scoring_elements 0.56842
published_at 2026-04-12T12:55:00Z
10
value 0.00374
scoring_system epss
scoring_elements 0.5908
published_at 2026-04-29T12:55:00Z
11
value 0.00374
scoring_system epss
scoring_elements 0.59094
published_at 2026-04-26T12:55:00Z
12
value 0.00374
scoring_system epss
scoring_elements 0.59077
published_at 2026-04-24T12:55:00Z
13
value 0.00374
scoring_system epss
scoring_elements 0.59096
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38500
1
reference_url https://github.com/TYPO3/html-sanitizer
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/html-sanitizer
2
reference_url https://github.com/TYPO3/html-sanitizer/commit/e3026f589fef0be8c3574ee3f0a0bfbe33d7ebdb
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T16:24:38Z/
url https://github.com/TYPO3/html-sanitizer/commit/e3026f589fef0be8c3574ee3f0a0bfbe33d7ebdb
3
reference_url https://typo3.org/security/advisory/typo3-core-sa-2023-002
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T16:24:38Z/
url https://typo3.org/security/advisory/typo3-core-sa-2023-002
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38500
reference_id CVE-2023-38500
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38500
5
reference_url https://github.com/advisories/GHSA-59jf-3q9v-rh6g
reference_id GHSA-59jf-3q9v-rh6g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-59jf-3q9v-rh6g
6
reference_url https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-59jf-3q9v-rh6g
reference_id GHSA-59jf-3q9v-rh6g
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T16:24:38Z/
url https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-59jf-3q9v-rh6g
fixed_packages
0
url pkg:composer/typo3/html-sanitizer@2.1.2
purl pkg:composer/typo3/html-sanitizer@2.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jm95-52f4-mqfe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.1.2
aliases CVE-2023-38500, GHSA-59jf-3q9v-rh6g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ntv8-t4pv-hfa6
3
url VCID-yj9g-uz1a-jkf2
vulnerability_id VCID-yj9g-uz1a-jkf2
summary 
TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting
### Problem
Due to a parsing issue in the upstream package [`masterminds/html5`](https://packagist.org/packages/masterminds/html5), malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized. This allows bypassing the cross-site scripting mechanism of [`typo3/html-sanitizer`](https://packagist.org/packages/typo3/html-sanitizer).

Besides that, the upstream package `masterminds/html5` provides HTML raw text elements (`script`, `style`, `noframes`, `noembed` and `iframe`) as DOMText nodes, which were not processed and sanitized further. None of the mentioned elements were defined in the default builder configuration, that's why only custom behaviors, using one of those tag names, were vulnerable to cross-site scripting.

### Solution
Update to `typo3/html-sanitizer` versions 1.5.0 or 2.1.1 that fix the problem described.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23499
reference_id
reference_type
scores
0
value 0.00234
scoring_system epss
scoring_elements 0.46301
published_at 2026-04-02T12:55:00Z
1
value 0.00234
scoring_system epss
scoring_elements 0.46345
published_at 2026-04-11T12:55:00Z
2
value 0.00234
scoring_system epss
scoring_elements 0.46322
published_at 2026-04-09T12:55:00Z
3
value 0.00234
scoring_system epss
scoring_elements 0.46266
published_at 2026-04-07T12:55:00Z
4
value 0.00234
scoring_system epss
scoring_elements 0.46321
published_at 2026-04-04T12:55:00Z
5
value 0.00234
scoring_system epss
scoring_elements 0.46264
published_at 2026-04-29T12:55:00Z
6
value 0.00234
scoring_system epss
scoring_elements 0.46306
published_at 2026-04-24T12:55:00Z
7
value 0.00234
scoring_system epss
scoring_elements 0.46325
published_at 2026-04-21T12:55:00Z
8
value 0.00234
scoring_system epss
scoring_elements 0.4638
published_at 2026-04-18T12:55:00Z
9
value 0.00234
scoring_system epss
scoring_elements 0.46383
published_at 2026-04-16T12:55:00Z
10
value 0.00234
scoring_system epss
scoring_elements 0.46326
published_at 2026-04-13T12:55:00Z
11
value 0.00234
scoring_system epss
scoring_elements 0.46317
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23499
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23499.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23499.yaml
2
reference_url https://github.com/TYPO3/html-sanitizer
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/html-sanitizer
3
reference_url https://github.com/TYPO3/html-sanitizer/pull/105
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/html-sanitizer/pull/105
4
reference_url https://github.com/TYPO3/html-sanitizer/pull/106
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/html-sanitizer/pull/106
5
reference_url https://github.com/TYPO3/html-sanitizer/releases/tag/v1.5.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/html-sanitizer/releases/tag/v1.5.0
6
reference_url https://github.com/TYPO3/html-sanitizer/releases/tag/v2.1.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/html-sanitizer/releases/tag/v2.1.1
7
reference_url https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-hvwx-qh2h-xcfj
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-hvwx-qh2h-xcfj
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23499
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23499
9
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-017
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-017
10
reference_url https://github.com/advisories/GHSA-hvwx-qh2h-xcfj
reference_id GHSA-hvwx-qh2h-xcfj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hvwx-qh2h-xcfj
fixed_packages
0
url pkg:composer/typo3/html-sanitizer@2.1.1
purl pkg:composer/typo3/html-sanitizer@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jm95-52f4-mqfe
1
vulnerability VCID-ntv8-t4pv-hfa6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.1.1
aliases CVE-2022-23499, GHSA-hvwx-qh2h-xcfj, GMS-2022-8136
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yj9g-uz1a-jkf2
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.4