-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/cms-core | composer | >= 7.0.0, <= 7.6.57 | 7.6.58 |
| typo3/cms-core | composer | >= 8.0.0, <= 8.7.47 | 8.7.48 |
| typo3/cms-core | composer | >= 9.0.0, <= 9.5.36 | 9.5.37 |
| typo3/cms-core | composer | >= 10.0.0, <= 10.4.31 | 10.4.32 |
| typo3/cms-core | composer | >= 11.0.0, <= 11.5.15 | 11.5.16 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from a parsing flaw in the third-party 'masterminds/html5' library, not directly from TYPO3/cms-core's own code. The TYPO3 HTML sanitizer (typo3/html-sanitizer) relied on this library for HTML5 parsing, and the vulnerability was caused by how 'masterminds/html5' handled sequences with special HTML comments. The fix involved updating dependencies to patched versions (masterminds/html5 v2.7.6 and typo3/html-sanitizer v2.0.16). No specific vulnerable functions within TYPO3/cms-core's codebase are identified here - the root cause lies in the external parsing logic, not in TYPO3's implementation of the sanitizer itself.
PHPPHPKEV Misses 88% of Exploited CVEs- Get the report