CVE-2026-47344 – TYPO3 HTML Sanitizer allows Cross-Site Scripting

CVE ID :CVE-2026-47344

Published : June 8, 2026, 8:17 p.m. | 17 minutes ago

Description :When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., ) are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.

Severity: 2.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-49141 – WACRM Authorization Bypass via Automation Engine Endpoint

CVE-2026-47345 – TYPO3 HTML Sanitizer allows Cross-Site Scripting

CVE-2026-46484 – Headplane: Path Traversal + RBAC Bypass in renameNode allows authenticated OIDC users to expire or rename any node/user

CVE-2026-40519 – Nginx Proxy Manager Authenticated RCE via setupCertbotPlugins()