Cross-site scripting in HTML Sanitizer - CVE-2023-47125
Published: November 14, 2023 / Updated: June 9, 2026
HTML Sanitizer
Detailed vulnerability description
The vulnerability allows a remote attacker to conduct cross-site scripting attacks.
The vulnerability exists due to improper neutralization of input during web page generation in DOM processing instruction handling in the HTML sanitizer when processing crafted HTML content. A remote attacker can supply specially crafted HTML content to conduct cross-site scripting attacks.
User interaction is required for the crafted content to be rendered.