CVE-2026-47348: Typo3 Indexed Search Item Title Xss
Unsanitized search result titles from indexed search (`item_title` or `titleaddition`) are rendered as raw HTML via `linkPage()`, leading to Cross-Site Scripting (XSS). Ensure the item title is properly encoded using `htmlspecialchars()` before use.
Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0
PHPβ
PHPβgreprules fetch cve-2026-47348-typo3-indexed-search-item-title-xss --engine opengrepDescription
Unsanitized search result titles from indexed search (`item_title` or `titleaddition`) are rendered as raw HTML via `linkPage()`, leading to Cross-Site Scripting (XSS). Ensure the item title is properly encoded using `htmlspecialchars()` before use.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0