PT-2022-28250 · Unknown+1 · Masterminds/Html5+2
Published: 2022-09-15 · Updated: 2022-09-15
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
TYPO3 versions prior to 7.6.58 ELTS
TYPO3 versions prior to 8.7.48 ELTS
TYPO3 versions prior to 9.5.37 ELTS
TYPO3 versions prior to 10.4.32
TYPO3 versions prior to 11.5.16
Description
A parsing issue in the upstream package masterminds/html5 allows malicious markup, when used in a sequence with special HTML comments, to bypass the cross-site scripting protection of typo3/html-sanitizer.
Recommendations
Update to TYPO3 version 7.6.58 ELTS to resolve the issue.
Update to TYPO3 version 8.7.48 ELTS to resolve the issue.
Update to TYPO3 version 9.5.37 ELTS to resolve the issue.
Update to TYPO3 version 10.4.32 to resolve the issue.
Update to TYPO3 version 11.5.16 to resolve the issue.
Affected Products
Typo3
Masterminds/Html5
Typo3/Html-Sanitizer