CVE-2023-47125

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-47125
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-47125.json
Aliases
Published
2023-11-14T20:15:07Z
Modified
2023-11-29T10:22:34.620546Z
Details

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/TYPO3/html-sanitizer

Affected ranges

Type
GIT
Repo
https://github.com/TYPO3/html-sanitizer
Events
Introduced
0The exact introduced commit is unknown
Fixed
Type
GIT
Repo
https://github.com/benjaminkott/bootstrap_package
Events
Type
GIT
Repo
https://github.com/typo3/html-sanitizer
Events
Type
GIT
Repo
https://github.com/typo3/typo3
Events
Type
GIT
Repo
https://github.com/typo3/typo3.cms
Events

Affected versions

12.*

12.0.0
12.0.1
12.0.10
12.0.2
12.0.3
12.0.4
12.0.5
12.0.6
12.0.7
12.0.8
12.0.9

13.*

13.0.0
13.0.1
13.0.2
13.0.3
13.0.4
13.0.5

14.*

14.0.0
14.0.1
14.0.2
14.0.3
14.0.4
14.0.5
14.0.6
14.0.7

v12.*

v12.0.0
v12.1.0
v12.2.0
v12.3.0
v12.4.0
v12.4.1
v12.4.2
v12.4.3
v12.4.4
v12.4.5
v12.4.6
v12.4.7

v2.*

v2.0.0
v2.0.1
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.16
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9
v2.1.0
v2.1.1
v2.1.2
v2.1.3