Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-38500

MEDIUM
Published 2023-07-25T20:59:53.135Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-38500. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
4.7
/10
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.004
probability
of exploitation in the wild

There is a 0.4% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.624
Higher than 62.4% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED

Impact Metrics

Confidentiality
LOW
Integrity
LOW
Availability
NONE

Description

TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious markup nested in a `noscript` element was not encoded correctly. `noscript` is disabled in the default configuration, but might have been enabled in custom scenarios. This allows bypassing the cross-site scripting mechanism of TYPO3 HTML Sanitizer. Versions 1.5.1 and 2.1.2 fix the problem.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

TYPO3

html-sanitizer

Affected Versions:

>= 1.0.0, < 1.5.1 >= 2.0.0, < 2.1.2

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

By-passing Cross-Site Scripting Protection in HTML Sanitizer

GHSA-59jf-3q9v-rh6g

Advisory Details

> ### CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.4) ### Problem Due to an encoding issue in the serialization layer, malicious markup nested in a `noscript` element was not encoded correctly. `noscript` is disabled in the default configuration, but might have been enabled in custom scenarios. This allows bypassing the cross-site scripting mechanism of [`typo3/html-sanitizer`](https://packagist.org/packages/typo3/html-sanitizer). ### Solution Update to `typo3/html-sanitizer` versions 1.5.1 or 2.1.2 that fix the problem described. ### Credits Thanks to David Klein and Yaniv Nizry who reported this issue, and to TYPO3 security team members Oliver Hader and Benjamin Franzke who fixed the issue. ### References * [TYPO3-CORE-SA-2023-002](https://typo3.org/security/advisory/typo3-core-sa-2023-002)

Affected Packages

Packagist typo3/html-sanitizer
ECOSYSTEM: ≥1.0.0 <1.5.1
Packagist typo3/html-sanitizer
ECOSYSTEM: ≥2.0.0 <2.1.2

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

References

WEB https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-59jf-3q9v-rh6g
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-38500
WEB https://github.com/TYPO3/html-sanitizer/commit/e3026f589fef0be8c3574ee3f0a0bfbe33d7ebdb
PACKAGE https://github.com/TYPO3/html-sanitizer
WEB https://typo3.org/security/advisory/typo3-core-sa-2023-002

Advisory provided by GitHub Security Advisory Database. Published: July 25, 2023, Modified: July 25, 2023

References

https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-59jf-3q9v-rh6g
https://github.com/TYPO3/html-sanitizer/commit/e3026f589fef0be8c3574ee3f0a0bfbe33d7ebdb
https://typo3.org/security/advisory/typo3-core-sa-2023-002
Published: 2023-07-25T20:59:53.135Z
Last Modified: 2024-10-10T17:36:20.315Z
Copied to clipboard!