NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-47344

Summary	When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.
Publication Date	June 9, 2026, 5:17 a.m.
Registration Date	June 10, 2026, 4:12 a.m.
Last Update	June 9, 2026, 10:46 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/TYPO3/html-sanitizer/commit/bd1a88d9b5a5f67f1120ec41084e9c1a0675641c	f4fb688c-4412-4426-b4b8-421ecf27b14a
2	https://typo3.org/security/advisory/typo3-core-sa-2026-006	f4fb688c-4412-4426-b4b8-421ecf27b14a

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html
2	CWE-436	解釈の競合	https://cwe.mitre.org/data/definitions/436.html