Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2022-36020

MEDIUM
Published 2022-09-13T16:55:10.000Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-36020. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
6.1
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.001
probability
of exploitation in the wild

There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.301
Higher than 30.1% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED

Impact Metrics

Confidentiality
LOW
Integrity
LOW
Availability
NONE

Description

The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows for a bypass of the cross-site scripting mechanism of `typo3/html-sanitizer`. This issue has been addressed in versions 1.0.7 and 2.0.16 of the `typo3/html-sanitizer` package. Users are advised to upgrade. There are no known workarounds for this issue.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

TYPO3

html-sanitizer

Affected Versions:

>= 1.0.0, < 1.0.7 >= 2.0.0, < 2.0.16

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection

GHSA-47m6-46mj-p235

Advisory Details

> ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7) ### Problem Due to a parsing issue in upstream package [`masterminds/html5`](https://packagist.org/packages/masterminds/html5), malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows to by-pass the cross-site scripting mechanism of `typo3/html-sanitizer`. ### Solution Update to `typo3/html-sanitizer` versions 1.0.7 or 2.0.16 that fix the problem described. ### Credits Thanks to David Klein who reported this issue, and to TYPO3 security team member Oliver Hader who fixed the issue.

Affected Packages

Packagist typo3/html-sanitizer
ECOSYSTEM: ≥1.0.0 <1.0.7
Packagist typo3/html-sanitizer
ECOSYSTEM: ≥2.0.0 <2.0.16
Packagist typo3/cms-core
ECOSYSTEM: ≥10.0.0 <10.4.32
Packagist typo3/cms-core
ECOSYSTEM: ≥11.0.0 <11.5.16
Packagist typo3/cms
ECOSYSTEM: ≥10.0.0 <10.4.32
Packagist typo3/cms
ECOSYSTEM: ≥11.0.0 <11.5.16

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

WEB https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-36020
WEB https://github.com/TYPO3/html-sanitizer/commit/60bfdc7f9b394d0236e16ee4cea8372a7defa493
WEB https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36020.yaml
WEB https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36020.yaml
WEB https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/html-sanitizer/CVE-2022-36020.yaml
PACKAGE https://github.com/TYPO3/html-sanitizer
WEB https://packagist.org/packages/masterminds/html5
WEB https://packagist.org/packages/typo3/html-sanitizer
WEB https://typo3.org/security/advisory/typo3-core-sa-2022-011

Advisory provided by GitHub Security Advisory Database. Published: September 16, 2022, Modified: September 16, 2022

References

https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235
https://github.com/TYPO3/html-sanitizer/commit/60bfdc7f9b394d0236e16ee4cea8372a7defa493
https://packagist.org/packages/masterminds/html5
https://packagist.org/packages/typo3/html-sanitizer
Published: 2022-09-13T16:55:10.000Z
Last Modified: 2025-04-23T17:11:55.867Z
Copied to clipboard!