Cross-Site Scripting Vulnerability in TYPO3 HTML Sanitizer
CVE-2026-47345
5.1MEDIUM
What is CVE-2026-47345?
A vulnerability exists in TYPO3 HTML Sanitizer where namespace attributes are incorrectly encoded during the HTML serialization process. This flaw permits attackers to bypass the cross-site scripting (XSS) prevention mechanisms, posing a significant risk to the integrity and security of affected TYPO3 installations prior to version 2.3.2. Users are advised to upgrade to the latest version to mitigate this vulnerability.
Affected Version(s)
HTML Sanitizer 0 < 2.3.2
References
CVSS V4
Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Doyensec in collaboration with Claude and Anthropic Research
Benjamin Franzke
