Skip to content

Commit 8fca7a7

Browse files
Yaniv-gitYaniv-git
committed
add advisory
1 parent 61fc2bf commit 8fca7a7

File tree

2 files changed

+28
-2
lines changed

2 files changed

+28
-2
lines changed

source/_posts/By-passing Cross-Site Scripting Protection in HTML Sanitizer.md renamed to source/_posts/Typo3 HTML Sanitizer By-passing via the noscript tag.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
---
2-
title: "By-passing Cross-Site Scripting Protection in HTML Sanitizer"
2+
title: "Typo3 HTML Sanitizer By-passing via the noscript tag"
33
date: 2023-07-26
44
tags:
55
- "xss"
@@ -16,7 +16,7 @@ ghsas:
1616
Due to an encoding issue in the serialization layer, malicious markup nested in a noscript element was not encoded correctly. noscript is disabled in the default configuration, but might have been enabled in custom scenarios. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer.
1717

1818
# Solution
19-
Update to typo3/html-sanitizer versions 1.5.1 or 2.1.2 that fix the problem described.
19+
Update to `typo3/html-sanitizer` versions 1.5.1 or 2.1.2 that fix the problem described.
2020

2121
# Credits
2222
Thanks to David Klein and Yaniv Nizry who reported this issue, and to TYPO3 security team members Oliver Hader and Benjamin Franzke who fixed the issue.

source/_posts/Typo3 HTML Sanitizer By-passing via the processing instructions.md

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
---
2+
title: "Typo3 HTML Sanitizer By-passing via the processing instructions"
3+
date: 2023-11-14
4+
tags:
5+
- "xss"
6+
- "bypass"
7+
advisory: true
8+
origin: https://github.com/advisories/GHSA-mm79-jhqm-9j54
9+
cves:
10+
- CVE-2023-47125
11+
ghsas:
12+
- "GHSA-mm79-jhqm-9j54"
13+
---
14+
# Problem
15+
DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of [typo3/html-sanitizer](https://packagist.org/packages/typo3/html-sanitizer).
16+
17+
18+
# Solution
19+
Update to `typo3/html-sanitizer` versions 1.5.3 or 2.1.4 that fix the problem described.
20+
21+
# Credits
22+
Thanks to Yaniv Nizry and Niels Dossche who reported this issue, and to TYPO3 core & security team member Oliver Hader who fixed the issue.
23+
24+
# References
25+
* [TYPO3-CORE-SA-2023-007](https://typo3.org/security/advisory/typo3-core-sa-2023-007)
26+
* [Disclosure & PoC](https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-652v-xw37-rvw7) (embargoed +90 days)

0 commit comments

Comments
 (0)