php · typo3/html-sanitizer · Heads-up
typo3/html-sanitizer: Namespace attribute encoding bypass (XSS)
What changed
Namespace attributes are not encoded correctly during HTML serialization, allowing bypass of the cross-site scripting prevention mechanism in typo3/html-sanitizer before version 2.3.2.
Who it affects
Users of typo3/html-sanitizer versions prior to 2.3.2.
What to do today
Upgrade typo3/html-sanitizer to version 2.3.2 or later.