Typo3 · Sanitize-Html · CVE-2026-47344
**Name of the Vulnerable Software and Affected Versions**
typo3/html-sanitizer versions prior to 2.3.2
**Description**
When the `ALLOW_INSECURE_RAW_TEXT` setting is enabled, the sanitizer fails to recognize closing tags containing whitespace variants, such as `</style\t>`. Because browsers interpret these as valid end tags, subsequent content can escape the sanitization process, enabling a bypass of the cross-site scripting prevention mechanism.
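The end-tag mismatch described above can be checked for in stored content with a short audit script. This is an added example, not code from typo3/html-sanitizer: the function names, the literal matcher used for comparison and the sample string are constructed for illustration, and the element list comes from the HTML specification rather than from the advisory.

```python
import re

# Raw-text elements per the HTML spec; which of them the sanitizer setting
# covers is not stated in the advisory (assumption).
RAW_TEXT_TAGS = ("style", "script", "xmp", "iframe", "noembed", "noframes")
# Tab, LF, FF and space end a tag name in the HTML tokenizer; CR is
# normalised to LF before tokenizing.
_WS = "\t\n\f\r "


def browser_end(html, tag, start=0):
    """Offset just past the end tag a browser honours, or -1.
    Simplification: quoted '>' inside end-tag attributes is not handled."""
    pat = re.compile("</" + re.escape(tag) + "(?:[" + _WS + "/][^>]*)?>", re.I)
    m = pat.search(html, start)
    return m.end() if m else -1


def literal_end(html, tag, start=0):
    """Constructed stand-in for a matcher that only knows the exact '</tag>'."""
    m = re.compile(re.escape("</" + tag + ">"), re.I).search(html, start)
    return m.end() if m else -1


def missed_markup(html, tag, start=0):
    """Text a browser treats as markup while the literal matcher is still
    inside the raw-text element."""
    b, lit = browser_end(html, tag, start), literal_end(html, tag, start)
    if b < 0 or b == lit:
        return ""
    return html[b:] if lit < 0 else html[b:lit]


def find_whitespace_end_tags(html, tags=RAW_TEXT_TAGS):
    """(tag, offset, text) for each raw-text end tag with whitespace in it."""
    names = "|".join(re.escape(t) for t in tags)
    pat = re.compile("</(" + names + ")[" + _WS + "][^>]*>", re.I)
    return [(m.group(1).lower(), m.start(), m.group(0)) for m in pat.finditer(html)]


# Constructed sample: a tab sits between the tag name and '>'.
SAMPLE = "<style>p{color:red}</style\t><b>parsed as markup</b>"

if __name__ == "__main__":
    for hit in find_whitespace_end_tags(SAMPLE):
        print(hit)
    print(repr(missed_markup(SAMPLE, "style", 7)))
```

Content flagged by `find_whitespace_end_tags` that was sanitized before the upgrade is a candidate for re-sanitizing with the fixed version.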
**Recommendations**
Update to version 2.3.2 or later.
As a temporary mitigation, disable the `ALLOW_INSECURE_RAW_TEXT` setting.