VulnerableCode Package Details - pkg:composer/typo3/html-sanitizer@1.5.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-qw91-ryx7-fqhz Aliases: CVE-2023-47125 GHSA-mm79-jhqm-9j54	Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer > ### CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.4) ### Problem DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of [`typo3/html-sanitizer`](https://packagist.org/packages/typo3/html-sanitizer). ### Solution Update to `typo3/html-sanitizer` versions 1.5.3 or 2.1.4 that fix the problem described. ### Credits Thanks to Yaniv Nizry and Niels Dossche who reported this issue, and to TYPO3 core & security team member Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2023-007](https://typo3.org/security/advisory/typo3-core-sa-2023-007) * [Context & Details at `masterminds/html5`](https://github.com/Masterminds/html5-php/issues/241)	1.5.3 Affected by 0 other vulnerabilities. 2.1.4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-qw91-ryx7-fqhz
Aliases:
CVE-2023-47125
GHSA-mm79-jhqm-9j54

Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer > ### CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.4) ### Problem DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of [`typo3/html-sanitizer`](https://packagist.org/packages/typo3/html-sanitizer). ### Solution Update to `typo3/html-sanitizer` versions 1.5.3 or 2.1.4 that fix the problem described. ### Credits Thanks to Yaniv Nizry and Niels Dossche who reported this issue, and to TYPO3 core & security team member Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2023-007](https://typo3.org/security/advisory/typo3-core-sa-2023-007) * [Context & Details at `masterminds/html5`](https://github.com/Masterminds/html5-php/issues/241)

1.5.3
Affected by 0 other vulnerabilities.

2.1.4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-bjcu-67xc-57bn	By-passing Cross-Site Scripting Protection in HTML Sanitizer > ### CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.4) ### Problem Due to an encoding issue in the serialization layer, malicious markup nested in a `noscript` element was not encoded correctly. `noscript` is disabled in the default configuration, but might have been enabled in custom scenarios. This allows bypassing the cross-site scripting mechanism of [`typo3/html-sanitizer`](https://packagist.org/packages/typo3/html-sanitizer). ### Solution Update to `typo3/html-sanitizer` versions 1.5.1 or 2.1.2 that fix the problem described. ### Credits Thanks to David Klein and Yaniv Nizry who reported this issue, and to TYPO3 security team members Oliver Hader and Benjamin Franzke who fixed the issue. ### References * [TYPO3-CORE-SA-2023-002](https://typo3.org/security/advisory/typo3-core-sa-2023-002)	CVE-2023-38500 GHSA-59jf-3q9v-rh6g

Vulnerability

Summary

Aliases

VCID-bjcu-67xc-57bn

By-passing Cross-Site Scripting Protection in HTML Sanitizer > ### CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.4) ### Problem Due to an encoding issue in the serialization layer, malicious markup nested in a `noscript` element was not encoded correctly. `noscript` is disabled in the default configuration, but might have been enabled in custom scenarios. This allows bypassing the cross-site scripting mechanism of [`typo3/html-sanitizer`](https://packagist.org/packages/typo3/html-sanitizer). ### Solution Update to `typo3/html-sanitizer` versions 1.5.1 or 2.1.2 that fix the problem described. ### Credits Thanks to David Klein and Yaniv Nizry who reported this issue, and to TYPO3 security team members Oliver Hader and Benjamin Franzke who fixed the issue. ### References * [TYPO3-CORE-SA-2023-002](https://typo3.org/security/advisory/typo3-core-sa-2023-002)

CVE-2023-38500
GHSA-59jf-3q9v-rh6g

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T18:53:21.762669+00:00	GitLab Importer	Affected by	VCID-qw91-ryx7-fqhz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/html-sanitizer/CVE-2023-47125.yml	37.0.0
2025-07-03T16:53:22.692686+00:00	GHSA Importer	Fixing	VCID-bjcu-67xc-57bn	https://github.com/advisories/GHSA-59jf-3q9v-rh6g	37.0.0
2025-07-01T18:14:34.487020+00:00	GitLab Importer	Fixing	VCID-bjcu-67xc-57bn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/html-sanitizer/CVE-2023-38500.yml	36.1.3
2025-07-01T12:15:46.869614+00:00	GithubOSV Importer	Fixing	VCID-bjcu-67xc-57bn	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-59jf-3q9v-rh6g/GHSA-59jf-3q9v-rh6g.json	36.1.3