Cross-Site Scripting Vulnerability in TYPO3 HTML Sanitizer by TYPO3
CVE-2026-47344
2.1 LOW
What is CVE-2026-47344?
A vulnerability exists in the TYPO3 HTML Sanitizer where the ALLOW_INSECURE_RAW_TEXT option, when enabled, allows the processing of whitespace-variant closing tags, such as . Browsers can interpret these tags as valid, while the sanitizer fails to recognize them. As a result, attackers can exploit this vulnerability to insert malicious scripts, bypassing the intended cross-site scripting prevention mechanisms in TYPO3 HTML Sanitizer versions earlier than 2.3.2.
Affected Version(s)
HTML Sanitizer 0 < 2.3.2
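A triage check for the two conditions this entry names (a locked version below 2.3.2 and use of ALLOW_INSECURE_RAW_TEXT), added here as an example and not part of the original entry or of TYPO3's code. It assumes the library is installed through Composer as `typo3/html-sanitizer`; the function names and sample inputs are hypothetical.

```python
import json
import re

PACKAGE = "typo3/html-sanitizer"   # Composer package name (assumed install route)
FIXED = (2, 3, 2)                  # first fixed release named in this entry
FLAG = "ALLOW_INSECURE_RAW_TEXT"   # option named in this entry


def parse_version(text):
    """'v2.3.1' -> (2, 3, 1); None for dev branches or pre-release strings."""
    m = re.fullmatch(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    return tuple(int(p or 0) for p in m.groups()) if m else None


def locked_version(lock_text):
    """Version string composer.lock pins for the sanitizer, or None if absent."""
    lock = json.loads(lock_text)
    for pkg in (lock.get("packages") or []) + (lock.get("packages-dev") or []):
        if pkg.get("name") == PACKAGE:
            return pkg.get("version")
    return None


def flag_usages(sources):
    """sources maps path -> PHP source of the project's own code (not vendor/,
    where the library defines the constant). Returns (path, line) hits."""
    return [(path, no)
            for path, code in sources.items()
            for no, line in enumerate(code.splitlines(), 1)
            if FLAG in line]


def assess(lock_text, sources):
    version = locked_version(lock_text)
    if version is None:
        return "not-installed"
    parsed = parse_version(version)
    if parsed is not None and parsed >= FIXED:
        return "patched"
    # Unparseable versions (e.g. dev-main) are deliberately treated as unpatched.
    return "exposed" if flag_usages(sources) else "outdated-flag-unused"


# Constructed sample input, not taken from any real project.
SAMPLE_LOCK = '{"packages": [{"name": "typo3/html-sanitizer", "version": "v2.3.1"}]}'
SAMPLE_SOURCES = {
    "Classes/Sanitizer/Builder.php":
        "<?php\n$behavior = (new Behavior())\n"
        "    ->withFlags(Behavior::ALLOW_INSECURE_RAW_TEXT);\n",
}

if __name__ == "__main__":
    print(assess(SAMPLE_LOCK, SAMPLE_SOURCES), flag_usages(SAMPLE_SOURCES))
```

A result of `outdated-flag-unused` still calls for upgrading to 2.3.2 or later, since the flag search only covers the sources passed in.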
