Search for packages
Package details: pkg:composer/typo3/html-sanitizer@2.1.4
purl pkg:composer/typo3/html-sanitizer@2.1.4
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-qw91-ryx7-fqhz Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer > ### CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.4) ### Problem DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of [`typo3/html-sanitizer`](https://packagist.org/packages/typo3/html-sanitizer). ### Solution Update to `typo3/html-sanitizer` versions 1.5.3 or 2.1.4 that fix the problem described. ### Credits Thanks to Yaniv Nizry and Niels Dossche who reported this issue, and to TYPO3 core & security team member Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2023-007](https://typo3.org/security/advisory/typo3-core-sa-2023-007) * [Context & Details at `masterminds/html5`](https://github.com/Masterminds/html5-php/issues/241) CVE-2023-47125
GHSA-mm79-jhqm-9j54

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T16:53:46.973176+00:00 GHSA Importer Fixing VCID-qw91-ryx7-fqhz https://github.com/advisories/GHSA-mm79-jhqm-9j54 37.0.0
2025-07-01T18:15:03.747732+00:00 GitLab Importer Fixing VCID-qw91-ryx7-fqhz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/html-sanitizer/CVE-2023-47125.yml 36.1.3
2025-07-01T12:15:31.567131+00:00 GithubOSV Importer Fixing VCID-qw91-ryx7-fqhz https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-mm79-jhqm-9j54/GHSA-mm79-jhqm-9j54.json 36.1.3