CVE Catalog

CVE-2026-47345

MediumCVSS 5.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.02%

5th percentile - higher than 5% of all known CVEs

Summary

Namespace attributes are not encoded correctly during HTML serialization, allowing bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.

Risk Assessment

Organizations may be exposed to cross-site scripting attacks, potentially leading to data theft or session hijacking.

Recommendation

It is recommended to upgrade to version 2.3.2 or later to mitigate this vulnerability.

Original NVD description (English source)

Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS