CVE-2023-47125 – By-passing Cross-Site Scripting Protection in HTML Sanitizer
https://notcve.org/view.php?id=CVE-2023-47125
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. • https://github.com/TYPO3/html-sanitizer/commit/b8f90717251d968c49dc77f8c1e5912e2fbe0dff https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-mm79-jhqm-9j54 https://typo3.org/security/advisory/typo3-core-sa-2023-007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-38500 – By-passing Cross-Site Scripting Protection in HTML Sanitizer
https://notcve.org/view.php?id=CVE-2023-38500
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious markup nested in a `noscript` element was not encoded correctly. `noscript` is disabled in the default configuration, but might have been enabled in custom scenarios. This allows bypassing the cross-site scripting mechanism of TYPO3 HTML Sanitizer. Versions 1.5.1 and 2.1.2 fix the problem. • https://github.com/TYPO3/html-sanitizer/commit/e3026f589fef0be8c3574ee3f0a0bfbe33d7ebdb https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-59jf-3q9v-rh6g https://typo3.org/security/advisory/typo3-core-sa-2023-002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-23499 – Cross-Site Scripting Protection bypass in HTML Sanitizer
https://notcve.org/view.php?id=CVE-2022-23499
HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. In versions prior to 1.5.0 or 2.1.1, malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized due to a parsing issue in the upstream package masterminds/html5. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. The upstream package masterminds/html5 provides HTML raw text elements (`script`, `style`, `noframes`, `noembed` and `iframe`) as DOMText nodes, which were not processed and sanitized further. None of the mentioned elements were defined in the default builder configuration, that's why only custom behaviors, using one of those tag names, were vulnerable to cross-site scripting. • https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-hvwx-qh2h-xcfj • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-36020 – Bypass of Cross-Site Scripting Protection in typo3/html-sanitizer
https://notcve.org/view.php?id=CVE-2022-36020
The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows for a bypass of the cross-site scripting mechanism of `typo3/html-sanitizer`. This issue has been addressed in versions 1.0.7 and 2.0.16 of the `typo3/html-sanitizer` package. Users are advised to upgrade. • https://github.com/TYPO3/html-sanitizer/commit/60bfdc7f9b394d0236e16ee4cea8372a7defa493 https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235 https://packagist.org/packages/masterminds/html5 https://packagist.org/packages/typo3/html-sanitizer • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-3741 – rubygem-rails-html-sanitizer: non-whitelisted attributes are present in sanitized output when input with specially-crafted HTML fragments leading to XSS vulnerability
https://notcve.org/view.php?id=CVE-2018-3741
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately. Es posible que haya una vulnerabilidad Cross-Site Scripting (XSS) en todas las versiones inferiores a la 1.0.4 de la gema rails-html-sanitizer para Ruby. • https://github.com/rails/rails-html-sanitizer/commit/f3ba1a839a35f2ba7f941c15e239a1cb379d56ae https://access.redhat.com/security/cve/CVE-2018-3741 https://bugzilla.redhat.com/show_bug.cgi?id=1568842 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •