vulnerability

FreeBSD: VID-0eab001a-9708-11ec-96c9-589cfc0f81b0 (CVE-2022-23638): typo3 -- XSS vulnerability in svg-sanitize

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Feb 27, 2022	Nov 4, 2022	Dec 10, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Feb 27, 2022

Added

Nov 4, 2022

Modified

Dec 10, 2025

Description

The TYPO3 project reports: The SVG sanitizer library enshrined/svg-sanitize before version 0.15.0 did not remove HTML elements wrapped in a CDATA section. As a result, SVG content embedded in HTML (fetched as text/html) was susceptible to cross-site scripting. Plain SVG files (fetched as image/svg+xml) were not affected.

Solutions

freebsd-upgrade-package-typo3-10-php74freebsd-upgrade-package-typo3-11-php74freebsd-upgrade-package-typo3-11-php80freebsd-upgrade-package-typo3-11-php81

References

CVE-2022-23638
https://attackerkb.com/topics/CVE-2022-23638
CWE-79

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today