typo3/html-sanitizer
Packagist4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting typo3/html-sanitizerpage 1 of 1
- CVE-2022-23499MEDIUMCVSS 6.1EG 6.1✓ Fixed in 2.1.12022-12-13
vulnerable: v2.0.0 ... v2.1.0 (18 versions)
HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. In versions prior to 1.5.0 or 2.1.1, malicious markup used in a sequence with special HTML CDATA sections cannot …
- CVE-2022-36020MEDIUMCVSS 6.1EG 6.1✓ Fixed in 2.0.162022-09-13
vulnerable: v2.0.0 ... v2.0.9 (16 versions)
The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious…
- CVE-2023-38500MEDIUMCVSS 4.7EG 4.7✓ Fixed in 2.1.22023-07-25
vulnerable: v2.0.0 ... v2.1.1 (19 versions)
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to …
- CVE-2023-47125MEDIUMCVSS 4.7EG 4.7✓ Fixed in 2.1.42023-11-14
vulnerable: v2.0.0 ... v2.1.3 (21 versions)
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-…
Check whether typo3/html-sanitizer is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for typo3/html-sanitizer CVEs against the assets you own.
Start Free Scan →