CVE-2023-47125

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-47125

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-47125.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-47125

Aliases

Published

2023-11-14T20:15:07Z

Modified

2024-06-06T14:26:20.052549Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/typo3/html-sanitizer

Affected ranges

Type: GIT
Repo: https://github.com/typo3/html-sanitizer
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b8f90717251d968c49dc77f8c1e5912e2fbe0dff

Type: GIT
Repo: https://github.com/typo3/typo3.cms
Events: Introduced

36096733dea4bd6f6168209609fa879dc25c0138

Fixed

639f2dbbafa5e6835499e70e111c7f22bc6cb966

Affected versions

v12.*

v12.0.0

v12.1.0

v12.2.0

v12.3.0

v12.4.0

v12.4.1

v12.4.2

v12.4.3

v12.4.4

v12.4.5

v12.4.6

v12.4.7

v2.*

v2.0.0

v2.0.1

v2.0.10

v2.0.11

v2.0.12

v2.0.13

v2.0.14

v2.0.15

v2.0.16

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.0.8

v2.0.9

v2.1.0

v2.1.1

v2.1.2

v2.1.3