CVE Catalog
CVE-2026-47345
MediumCVSS 5.1Exploitation Probability (EPSS)
Low risk0.02%
5th percentile - higher than 5% of all known CVEs
Summary
Namespace attributes are not encoded correctly during HTML serialization, allowing bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.
Risk Assessment
Organizations may be exposed to cross-site scripting attacks, potentially leading to data theft or session hijacking.
Recommendation
It is recommended to upgrade to version 2.3.2 or later to mitigate this vulnerability.
Original NVD description (English source)
Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.

