FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

typo3 -- XSS vulnerability in svg-sanitize

Affected packages
typo3-10-php74 < 10.4.25
typo3-11-php74 < 11.5.7
typo3-11-php80 < 11.5.7
typo3-11-php81 < 11.5.7


VuXML ID 0eab001a-9708-11ec-96c9-589cfc0f81b0
Discovery 2022-02-22
Entry 2022-02-27

The TYPO3 project reports:

The SVG sanitizer library enshrined/svg-sanitize before version 0.15.0 did not remove HTML elements wrapped in a CDATA section. As a result, SVG content embedded in HTML (fetched as text/html) was susceptible to cross-site scripting. Plain SVG files (fetched as image/svg+xml) were not affected.


CVE Name CVE-2022-23638