Search for vulnerabilities
Vulnerability details: VCID-gjpz-dm25-wbej
Vulnerability ID VCID-gjpz-dm25-wbej
Aliases GHSA-gqqf-g5r7-84vf
Summary TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7) ### Problem Due to a parsing issue in upstream package [`masterminds/html5`](https://packagist.org/packages/masterminds/html5), malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows to by-pass the cross-site scripting mechanism of [`typo3/html-sanitizer`](https://github.com/TYPO3/html-sanitizer). ### Solution Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above. ### Credits Thanks to David Klein who reported this issue, and to TYPO3 security team member Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2022-011](https://typo3.org/security/advisory/typo3-core-sa-2022-011) * [GHSA-47m6-46mj-p235](https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235)
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-gqqf-g5r7-84vf
cvssv3.1 6.1 https://github.com/TYPO3/typo3
generic_textual MODERATE https://github.com/TYPO3/typo3
cvssv3.1 6.1 https://github.com/TYPO3/typo3/commit/d4f260570abd934fcf3819370a135bef33d729b7
generic_textual MODERATE https://github.com/TYPO3/typo3/commit/d4f260570abd934fcf3819370a135bef33d729b7
cvssv3.1 6.1 https://github.com/TYPO3/typo3/security/advisories/GHSA-gqqf-g5r7-84vf
cvssv3.1_qr MODERATE https://github.com/TYPO3/typo3/security/advisories/GHSA-gqqf-g5r7-84vf
generic_textual MODERATE https://github.com/TYPO3/typo3/security/advisories/GHSA-gqqf-g5r7-84vf
Reference id Reference type URL
https://github.com/TYPO3/typo3
https://github.com/TYPO3/typo3/commit/d4f260570abd934fcf3819370a135bef33d729b7
https://github.com/TYPO3/typo3/security/advisories/GHSA-gqqf-g5r7-84vf
GHSA-gqqf-g5r7-84vf https://github.com/advisories/GHSA-gqqf-g5r7-84vf
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/TYPO3/typo3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/TYPO3/typo3/commit/d4f260570abd934fcf3819370a135bef33d729b7
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/TYPO3/typo3/security/advisories/GHSA-gqqf-g5r7-84vf
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2025-07-01T12:23:02.465938+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-gqqf-g5r7-84vf/GHSA-gqqf-g5r7-84vf.json 36.1.3