漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
TYPO3 HTML Sanitizer allows Cross-Site Scripting
Vulnerability Description
When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
HTMLSanitizer 跨站脚本漏洞
Vulnerability Description
HTMLSanitizer是JuliaHub开源的一个HTML格式化软件。 HTMLSanitizer 2.3.2之前版本存在跨站脚本漏洞,该漏洞源于启用ALLOW_INSECURE_RAW_TEXT时,空白变体闭合标签未被识别,可能导致绕过跨站脚本防护机制。
CVSS Information
N/A
Vulnerability Type
N/A