GMS-2022-4096: TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
Due to a parsing issue in the upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows bypassing the cross-site scripting protection mechanism of typo3/html-sanitizer.