NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-47345

Summary	Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.
Publication Date	June 9, 2026, 5:17 a.m.
Registration Date	June 10, 2026, 4:12 a.m.
Last Update	June 9, 2026, 10:46 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/TYPO3/html-sanitizer/commit/8b5d0be44ded457ca993ec9ca93d859941c63764	f4fb688c-4412-4426-b4b8-421ecf27b14a
2	https://typo3.org/security/advisory/typo3-core-sa-2026-006	f4fb688c-4412-4426-b4b8-421ecf27b14a

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html