CVE-2022-36020 — Cross-site Scripting in Html Sanitizer

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 45.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Typo3 Html Sanitizer Typo3 CMS Typo3 Cms-core +1 more

Timeline

PublishedSep 13

Latest updateSep 16

Description

The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows for a bypass of the cross-site scripting mechanism of `typo3/html-sanitizer`. This issue has been addressed in versions 1.0.7 and 2.0.16 of the `typo3/html-sanit…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages5 packages

▶NVDtypo3/html_sanitizer1.0.0 — 1.0.7+1

▶Packagisttypo3/html-sanitizer1.0.0 — 1.0.7+1

▶CVEListV5typo3/html-sanitizer>= 1.0.0, < 1.0.7, >= 2.0.0, < 2.0.16+1

▶Packagisttypo3/cms10.0.0 — 10.4.32+1

▶Packagisttypo3/cms-core10.0.0 — 10.4.32+1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection↗2022-09-16

▶

GHSA

TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection↗2022-09-16

▶

CVEList

Bypass of Cross-Site Scripting Protection in typo3/html-sanitizer↗2022-09-13

▶