CVE-2026-47345

CVE-2026-47345

Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.

Vulnerability class: XSS (Cross-Site Scripting)

Weakness classification (CWE)

References