TYPO3 HTML Sanitizer XSS via noscript before 1.5.1/2.1.2
CVE-2023-38500 Published on July 25, 2023
By-passing Cross-Site Scripting Protection in HTML Sanitizer
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious markup nested in a `noscript` element was not encoded correctly. `noscript` is disabled in the default configuration, but might have been enabled in custom scenarios. This allows bypassing the cross-site scripting mechanism of TYPO3 HTML Sanitizer. Versions 1.5.1 and 2.1.2 fix the problem.
Vulnerability Analysis
CVE-2023-38500 is exploitable with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2023-38500 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2023-38500
Want to know whenever a new CVE is published for TYPO3 Html Sanitizer? stack.watch will email you.
Affected Versions
TYPO3 html-sanitizer:- Version >= 1.0.0, < 1.5.1 is affected.
- Version >= 2.0.0, < 2.1.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.