CVE-2026-47344EPSS p19.7%

CVE-2026-47344CVE-2026-47344

Description

When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.

Scoring

EPSS0.28% probability of exploitation · percentile 19.7% · 2026-06-19T12:03:05Z
Last modified2026-06-09

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-47345
CVE
CVE-2026-47348
CVE
CVE-2026-47347
CVE
CVE-2026-47343
CVE
CVE-2026-47351
CVE
CVE-2026-47346
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.