CVE-2026-47345: Html5 Php Outputrules Missing Namespaceattrs
Classes extending `Masterminds\HTML5\Serializer\OutputRules` but failing to override `namespaceAttrs` may serialize namespace attributes (like `xmlns:*`) directly to the output without context-aware HTML encoding. If this class is used within an HTML sanitization mechanism, this omission can lead to Cross-Site Scripting (XSS) via maliciously crafted namespac
PHPβgreprules fetch cve-2026-47345-html5-php-outputrules-missing-namespaceattrs --engine opengrepDescription
Classes extending `Masterminds\HTML5\Serializer\OutputRules` but failing to override `namespaceAttrs` may serialize namespace attributes (like `xmlns:*`) directly to the output without context-aware HTML encoding. If this class is used within an HTML sanitization mechanism, this omission can lead to Cross-Site Scripting (XSS) via maliciously crafted namespac
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0