CVE-2022-36020

Bypass of Cross-Site Scripting Protection in typo3/html-sanitizer

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows for a bypass of the cross-site scripting mechanism of `typo3/html-sanitizer`. This issue has been addressed in versions 1.0.7 and 2.0.16 of the `typo3/html-sanitizer` package. Users are advised to upgrade. There are no known workarounds for this issue.

El paquete typo3/html-sanitizer es un saneador de HTML, escrito en PHP, cuyo objetivo es proporcionar un marcado seguro contra ataques de tipo XSS basado en etiquetas, atributos y valores explícitamente permitidos. Debido a un problema de análisis en el paquete upstream "masterminds/html5", el marcado malicioso usado en una secuencia con comentarios HTML especiales no puede ser filtrado y saneado. Esto permite omitir el mecanismo de tipo cross-site scripting de "typo3/html-sanitizer". Este problema ha sido abordado en versiones 1.0.7 y 2.0.16 del paquete "typo3/html-sanitizer". Es recomendado a usuarios actualizar. No se presentan mitigaciones conocidas para este problema

*Credits: N/A

CVSS Scores

NISTv3.1 6.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-07-15 CVE Reserved
2022-09-13 CVE Published
2024-04-05 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (4)

URL	Tag	Source
https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235	Third Party Advisory
https://packagist.org/packages/masterminds/html5	Third Party Advisory
https://packagist.org/packages/typo3/html-sanitizer	Product

URL	Date	SRC

URL	Date	SRC
https://github.com/TYPO3/html-sanitizer/commit/60bfdc7f9b394d0236e16ee4cea8372a7defa493	2022-09-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Typo3 Search vendor "Typo3"		Html Sanitizer Search vendor "Typo3" for product "Html Sanitizer"				>= 1.0.0 < 1.0.7 Search vendor "Typo3" for product "Html Sanitizer" and version " >= 1.0.0 < 1.0.7"		-		Affected
Typo3 Search vendor "Typo3"		Html Sanitizer Search vendor "Typo3" for product "Html Sanitizer"				>= 2.0.0 < 2.0.16 Search vendor "Typo3" for product "Html Sanitizer" and version " >= 2.0.0 < 2.0.16"		-		Affected