Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-jm95-52f4-mqfe

Summary

Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Aliases

alias	CVE-2023-47125

alias	GHSA-mm79-jhqm-9j54

Fixed_packages

url	pkg:composer/typo3/html-sanitizer@1.5.3
purl	pkg:composer/typo3/html-sanitizer@1.5.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.5.3

url	pkg:composer/typo3/html-sanitizer@2.1.4
purl	pkg:composer/typo3/html-sanitizer@2.1.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.1.4

Affected_packages

url pkg:composer/typo3/html-sanitizer@1.0.0

purl pkg:composer/typo3/html-sanitizer@1.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.0.0

url pkg:composer/typo3/html-sanitizer@1.0.1

purl pkg:composer/typo3/html-sanitizer@1.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.0.1

url pkg:composer/typo3/html-sanitizer@1.0.2

purl pkg:composer/typo3/html-sanitizer@1.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.0.2

url pkg:composer/typo3/html-sanitizer@1.0.3

purl pkg:composer/typo3/html-sanitizer@1.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.0.3

url pkg:composer/typo3/html-sanitizer@1.0.4

purl pkg:composer/typo3/html-sanitizer@1.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.0.4

url pkg:composer/typo3/html-sanitizer@1.0.5

purl pkg:composer/typo3/html-sanitizer@1.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.0.5

url pkg:composer/typo3/html-sanitizer@1.0.6

purl pkg:composer/typo3/html-sanitizer@1.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.0.6

url pkg:composer/typo3/html-sanitizer@1.0.7

purl pkg:composer/typo3/html-sanitizer@1.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.0.7

url pkg:composer/typo3/html-sanitizer@1.5.0

purl pkg:composer/typo3/html-sanitizer@1.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.5.0

url pkg:composer/typo3/html-sanitizer@1.5.1

purl pkg:composer/typo3/html-sanitizer@1.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jm95-52f4-mqfe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.5.1

url pkg:composer/typo3/html-sanitizer@1.5.2

purl pkg:composer/typo3/html-sanitizer@1.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jm95-52f4-mqfe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@1.5.2

url pkg:composer/typo3/html-sanitizer@2.0.0

purl pkg:composer/typo3/html-sanitizer@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.0

url pkg:composer/typo3/html-sanitizer@2.0.1

purl pkg:composer/typo3/html-sanitizer@2.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.1

url pkg:composer/typo3/html-sanitizer@2.0.2

purl pkg:composer/typo3/html-sanitizer@2.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.2

url pkg:composer/typo3/html-sanitizer@2.0.3

purl pkg:composer/typo3/html-sanitizer@2.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.3

url pkg:composer/typo3/html-sanitizer@2.0.4

purl pkg:composer/typo3/html-sanitizer@2.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.4

url pkg:composer/typo3/html-sanitizer@2.0.5

purl pkg:composer/typo3/html-sanitizer@2.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.5

url pkg:composer/typo3/html-sanitizer@2.0.6

purl pkg:composer/typo3/html-sanitizer@2.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.6

url pkg:composer/typo3/html-sanitizer@2.0.7

purl pkg:composer/typo3/html-sanitizer@2.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.7

url pkg:composer/typo3/html-sanitizer@2.0.8

purl pkg:composer/typo3/html-sanitizer@2.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.8

url pkg:composer/typo3/html-sanitizer@2.0.9

purl pkg:composer/typo3/html-sanitizer@2.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.9

url pkg:composer/typo3/html-sanitizer@2.0.10

purl pkg:composer/typo3/html-sanitizer@2.0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.10

url pkg:composer/typo3/html-sanitizer@2.0.11

purl pkg:composer/typo3/html-sanitizer@2.0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.11

url pkg:composer/typo3/html-sanitizer@2.0.12

purl pkg:composer/typo3/html-sanitizer@2.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.12

url pkg:composer/typo3/html-sanitizer@2.0.13

purl pkg:composer/typo3/html-sanitizer@2.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.13

url pkg:composer/typo3/html-sanitizer@2.0.14

purl pkg:composer/typo3/html-sanitizer@2.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.14

url pkg:composer/typo3/html-sanitizer@2.0.15

purl pkg:composer/typo3/html-sanitizer@2.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1yxw-saf5-wue7

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.15

url pkg:composer/typo3/html-sanitizer@2.0.16

purl pkg:composer/typo3/html-sanitizer@2.0.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.0.16

url pkg:composer/typo3/html-sanitizer@2.1.0

purl pkg:composer/typo3/html-sanitizer@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

vulnerability	VCID-yj9g-uz1a-jkf2

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.1.0

url pkg:composer/typo3/html-sanitizer@2.1.1

purl pkg:composer/typo3/html-sanitizer@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jm95-52f4-mqfe

vulnerability	VCID-ntv8-t4pv-hfa6

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.1.1

url pkg:composer/typo3/html-sanitizer@2.1.2

purl pkg:composer/typo3/html-sanitizer@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jm95-52f4-mqfe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.1.2

url pkg:composer/typo3/html-sanitizer@2.1.3

purl pkg:composer/typo3/html-sanitizer@2.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jm95-52f4-mqfe

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/html-sanitizer@2.1.3

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-47125

reference_id

reference_type

scores

value	0.00484
scoring_system	epss
scoring_elements	0.65291
published_at	2026-04-08T12:55:00Z

value	0.00484
scoring_system	epss
scoring_elements	0.6525
published_at	2026-04-02T12:55:00Z

value	0.00484
scoring_system	epss
scoring_elements	0.65281
published_at	2026-04-13T12:55:00Z

value	0.00484
scoring_system	epss
scoring_elements	0.65309
published_at	2026-04-12T12:55:00Z

value	0.00484
scoring_system	epss
scoring_elements	0.65321
published_at	2026-04-11T12:55:00Z

value	0.00484
scoring_system	epss
scoring_elements	0.65276
published_at	2026-04-04T12:55:00Z

value	0.00484
scoring_system	epss
scoring_elements	0.65241
published_at	2026-04-07T12:55:00Z

value	0.00484
scoring_system	epss
scoring_elements	0.65303
published_at	2026-04-09T12:55:00Z

value	0.00484
scoring_system	epss
scoring_elements	0.65322
published_at	2026-04-24T12:55:00Z

value	0.00484
scoring_system	epss
scoring_elements	0.65308
published_at	2026-04-21T12:55:00Z

value	0.00484
scoring_system	epss
scoring_elements	0.65325
published_at	2026-04-18T12:55:00Z

value	0.00484
scoring_system	epss
scoring_elements	0.65315
published_at	2026-04-16T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68441
published_at	2026-04-26T12:55:00Z

value	0.00563
scoring_system	epss
scoring_elements	0.68445
published_at	2026-04-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-47125

reference_url

https://github.com/TYPO3/html-sanitizer

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/html-sanitizer

reference_url

https://github.com/TYPO3/html-sanitizer/commit/b8f90717251d968c49dc77f8c1e5912e2fbe0dff

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:25:20Z/

url

https://github.com/TYPO3/html-sanitizer/commit/b8f90717251d968c49dc77f8c1e5912e2fbe0dff

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2023-007

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:25:20Z/

url

https://typo3.org/security/advisory/typo3-core-sa-2023-007

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-47125

reference_id

CVE-2023-47125

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-47125

reference_url

https://github.com/advisories/GHSA-mm79-jhqm-9j54

reference_id

GHSA-mm79-jhqm-9j54

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mm79-jhqm-9j54

reference_url

https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-mm79-jhqm-9j54

reference_id

GHSA-mm79-jhqm-9j54

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:25:20Z/

url

https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-mm79-jhqm-9j54

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jm95-52f4-mqfe

Vulnerability Instance