Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-ntv8-t4pv-hfa6
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious markup nested in a `noscript` element was not encoded correctly. `noscript` is disabled in the default configuration, but might have been enabled in custom scenarios. This allows bypassing the cross-site scripting mechanism of TYPO3 HTML Sanitizer. Versions 1.5.1 and 2.1.2 fix the problem.
Aliases
0
alias CVE-2023-38500
1
alias GHSA-59jf-3q9v-rh6g
Fixed_packages
0
url pkg:composer/typo3/html-sanitizer@1.5.1
purl pkg:composer/typo3/html-sanitizer@1.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jm95-52f4-mqfe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.5.1
1
url pkg:composer/typo3/html-sanitizer@2.1.2
purl pkg:composer/typo3/html-sanitizer@2.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jm95-52f4-mqfe
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.1.2
Affected_packages
0
url pkg:composer/typo3/html-sanitizer@1.0.0
purl pkg:composer/typo3/html-sanitizer@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.0.0
1
url pkg:composer/typo3/html-sanitizer@1.0.1
purl pkg:composer/typo3/html-sanitizer@1.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.0.1
2
url pkg:composer/typo3/html-sanitizer@1.0.2
purl pkg:composer/typo3/html-sanitizer@1.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.0.2
3
url pkg:composer/typo3/html-sanitizer@1.0.3
purl pkg:composer/typo3/html-sanitizer@1.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.0.3
4
url pkg:composer/typo3/html-sanitizer@1.0.4
purl pkg:composer/typo3/html-sanitizer@1.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.0.4
5
url pkg:composer/typo3/html-sanitizer@1.0.5
purl pkg:composer/typo3/html-sanitizer@1.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.0.5
6
url pkg:composer/typo3/html-sanitizer@1.0.6
purl pkg:composer/typo3/html-sanitizer@1.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.0.6
7
url pkg:composer/typo3/html-sanitizer@1.0.7
purl pkg:composer/typo3/html-sanitizer@1.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jm95-52f4-mqfe
1
vulnerability VCID-ntv8-t4pv-hfa6
2
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.0.7
8
url pkg:composer/typo3/html-sanitizer@1.5.0
purl pkg:composer/typo3/html-sanitizer@1.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jm95-52f4-mqfe
1
vulnerability VCID-ntv8-t4pv-hfa6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.5.0
9
url pkg:composer/typo3/html-sanitizer@2.0.0
purl pkg:composer/typo3/html-sanitizer@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.0
10
url pkg:composer/typo3/html-sanitizer@2.0.1
purl pkg:composer/typo3/html-sanitizer@2.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.1
11
url pkg:composer/typo3/html-sanitizer@2.0.2
purl pkg:composer/typo3/html-sanitizer@2.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.2
12
url pkg:composer/typo3/html-sanitizer@2.0.3
purl pkg:composer/typo3/html-sanitizer@2.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.3
13
url pkg:composer/typo3/html-sanitizer@2.0.4
purl pkg:composer/typo3/html-sanitizer@2.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.4
14
url pkg:composer/typo3/html-sanitizer@2.0.5
purl pkg:composer/typo3/html-sanitizer@2.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.5
15
url pkg:composer/typo3/html-sanitizer@2.0.6
purl pkg:composer/typo3/html-sanitizer@2.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.6
16
url pkg:composer/typo3/html-sanitizer@2.0.7
purl pkg:composer/typo3/html-sanitizer@2.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.7
17
url pkg:composer/typo3/html-sanitizer@2.0.8
purl pkg:composer/typo3/html-sanitizer@2.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.8
18
url pkg:composer/typo3/html-sanitizer@2.0.9
purl pkg:composer/typo3/html-sanitizer@2.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.9
19
url pkg:composer/typo3/html-sanitizer@2.0.10
purl pkg:composer/typo3/html-sanitizer@2.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.10
20
url pkg:composer/typo3/html-sanitizer@2.0.11
purl pkg:composer/typo3/html-sanitizer@2.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.11
21
url pkg:composer/typo3/html-sanitizer@2.0.12
purl pkg:composer/typo3/html-sanitizer@2.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.12
22
url pkg:composer/typo3/html-sanitizer@2.0.13
purl pkg:composer/typo3/html-sanitizer@2.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.13
23
url pkg:composer/typo3/html-sanitizer@2.0.14
purl pkg:composer/typo3/html-sanitizer@2.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.14
24
url pkg:composer/typo3/html-sanitizer@2.0.15
purl pkg:composer/typo3/html-sanitizer@2.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1yxw-saf5-wue7
1
vulnerability VCID-jm95-52f4-mqfe
2
vulnerability VCID-ntv8-t4pv-hfa6
3
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.15
25
url pkg:composer/typo3/html-sanitizer@2.0.16
purl pkg:composer/typo3/html-sanitizer@2.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jm95-52f4-mqfe
1
vulnerability VCID-ntv8-t4pv-hfa6
2
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.16
26
url pkg:composer/typo3/html-sanitizer@2.1.0
purl pkg:composer/typo3/html-sanitizer@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jm95-52f4-mqfe
1
vulnerability VCID-ntv8-t4pv-hfa6
2
vulnerability VCID-yj9g-uz1a-jkf2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.1.0
27
url pkg:composer/typo3/html-sanitizer@2.1.1
purl pkg:composer/typo3/html-sanitizer@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jm95-52f4-mqfe
1
vulnerability VCID-ntv8-t4pv-hfa6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.1.1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38500
reference_id
reference_type
scores
0
value 0.00341
scoring_system epss
scoring_elements 0.56822
published_at 2026-04-04T12:55:00Z
1
value 0.00341
scoring_system epss
scoring_elements 0.5682
published_at 2026-04-13T12:55:00Z
2
value 0.00341
scoring_system epss
scoring_elements 0.56842
published_at 2026-04-12T12:55:00Z
3
value 0.00341
scoring_system epss
scoring_elements 0.56802
published_at 2026-04-02T12:55:00Z
4
value 0.00341
scoring_system epss
scoring_elements 0.56862
published_at 2026-04-11T12:55:00Z
5
value 0.00341
scoring_system epss
scoring_elements 0.56854
published_at 2026-04-09T12:55:00Z
6
value 0.00341
scoring_system epss
scoring_elements 0.5685
published_at 2026-04-08T12:55:00Z
7
value 0.00341
scoring_system epss
scoring_elements 0.56798
published_at 2026-04-07T12:55:00Z
8
value 0.00341
scoring_system epss
scoring_elements 0.56848
published_at 2026-04-18T12:55:00Z
9
value 0.00341
scoring_system epss
scoring_elements 0.56851
published_at 2026-04-16T12:55:00Z
10
value 0.00374
scoring_system epss
scoring_elements 0.59089
published_at 2026-05-07T12:55:00Z
11
value 0.00374
scoring_system epss
scoring_elements 0.5904
published_at 2026-05-05T12:55:00Z
12
value 0.00374
scoring_system epss
scoring_elements 0.5908
published_at 2026-04-29T12:55:00Z
13
value 0.00374
scoring_system epss
scoring_elements 0.59094
published_at 2026-04-26T12:55:00Z
14
value 0.00374
scoring_system epss
scoring_elements 0.59077
published_at 2026-04-24T12:55:00Z
15
value 0.00374
scoring_system epss
scoring_elements 0.59096
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38500
1
reference_url https://github.com/TYPO3/html-sanitizer
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/html-sanitizer
2
reference_url https://github.com/TYPO3/html-sanitizer/commit/e3026f589fef0be8c3574ee3f0a0bfbe33d7ebdb
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T16:24:38Z/
url https://github.com/TYPO3/html-sanitizer/commit/e3026f589fef0be8c3574ee3f0a0bfbe33d7ebdb
3
reference_url https://typo3.org/security/advisory/typo3-core-sa-2023-002
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T16:24:38Z/
url https://typo3.org/security/advisory/typo3-core-sa-2023-002
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38500
reference_id CVE-2023-38500
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38500
5
reference_url https://github.com/advisories/GHSA-59jf-3q9v-rh6g
reference_id GHSA-59jf-3q9v-rh6g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-59jf-3q9v-rh6g
6
reference_url https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-59jf-3q9v-rh6g
reference_id GHSA-59jf-3q9v-rh6g
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T16:24:38Z/
url https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-59jf-3q9v-rh6g
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-ntv8-t4pv-hfa6