CVE-2026-47345 – TYPO3 HTML Sanitizer allows Cross-Site Scripting

CVE ID :CVE-2026-47345

Published : June 8, 2026, 8:17 p.m. | 17 minutes ago

Description :Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.

Severity: 5.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…