CVE-2023-38500

Summary

CVE-2023-38500 is a vulnerability affecting the TYPO3 HTML Sanitizer, an HTML sanitizer written in PHP used to provide cross-site scripting (XSS) safe markup based on allowed tags, attributes, and values. The issue lies in the serialization layer, where malicious markup nested within a `noscript` tag was not encoded correctly. Although `noscript` is disabled by default, it may have been enabled in some custom configurations. Consequently, attackers could bypass the XSS protection mechanism of TYPO3 HTML Sanitizer. Versions 1.5.1 and 2.1.2 have been released to address this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.