Technische Universität Braunschweig
  • Study & Teaching
    • Beginning your Studies
      • Prospective Students
      • Degree Programmes
      • Application
      • Fit4TU
      • Why Braunschweig?
    • During your Studies
      • Fresher's Hub
      • Term Dates
      • Courses
      • Practical Information
      • Beratungsnavi
      • Additional Qualifications
      • Financing and Costs
      • Special Circumstances
      • Health and Well-being
      • Campus life
    • At the End of your Studies
      • Discontinuation and Credentials Certification
      • After graduation
      • Alumni
    • For Teaching Staff
      • Strategy, Offers and Information
      • Learning Management System Stud.IP
    • Contact
      • Study Service Centre
      • Academic Advice Service
      • Student Office
      • Career Service
  • Research
    • Research Profile
      • Core Research Areas
      • Clusters of Excellence at TU Braunschweig
      • Research Projects
      • Research Centres
      • Professors‘ Research Profiles
    • Early Career Researchers
      • Support in the early stages of an academic career
      • PhD-Students
      • Postdocs
      • Junior research group leaders
      • Junior Professorship and Tenure-Track
      • Habilitation
      • Service Offers for Scientists
    • Research Data & Transparency
      • Transparency in Research
      • Research Data
      • Open Access Strategy
      • Digital Research Announcement
    • Research Funding
      • Research Funding Network
      • Research funding
    • Contact
      • Research Services
      • Academy for Graduates
  • International
    • International Students
      • Why Braunschweig?
      • Degree seeking students
      • Exchange Studies
      • TU Braunschweig Summer School
      • Refugees
      • International Student Support
      • International Career Service
    • Going Abroad
      • Studying abroad
      • Internships abroad
      • Teaching and research abroad
      • Working abroad
    • International Researchers
      • Welcome Support for International Researchers
      • Service for Host Institutes
    • Language and intercultural competence training
      • Learning German
      • Learning Foreign Languages
      • Intercultural Communication
    • International Profile
      • Internationalisation
      • International Cooperations
      • Strategic partnerships
      • International networks
    • International House
      • About us
      • Contact & Office Hours
      • News and Events
      • International Days
      • 5th Student Conference: Internationalisation of Higher Education
      • Newsletter, Podcast & Videos
      • Job Advertisements
  • TU Braunschweig
    • Our Profile
      • Aims & Values
      • Regulations and Guidelines
      • Alliances & Partners
      • The University Development Initiative 2030
      • Ecoversity – the TU Braunschweig as a university ecosystem
      • Facts & Figures
      • Our History
    • Career
      • Working at TU Braunschweig
      • Vacancies
    • Economy & Business
      • Entrepreneurship
      • Friends & Supporters
    • General Public
      • Check-in for Students
      • CampusXperience
      • The Student House
      • Access to the University Library
    • Media Services
      • Communications and Press Service
      • Services for media
      • Film and photo permits
      • Advices for scientists
      • Topics and stories
    • Contact
      • General Contact
      • Getting here
  • Organisation
    • Presidency & Administration
      • Executive Board
      • Designated Offices
      • Administration
      • Committees
    • Faculties
      • Carl-Friedrich-Gauß-Fakultät
      • Faculty of Life Sciences
      • Faculty of Architecture, Civil Engineering and Environmental Sciences
      • Faculty of Mechanical Engineering
      • Faculty of Electrical Engineering, Information Technology, Physics
      • Faculty of Humanities and Education
    • Institutes
      • Institutes from A to Z
    • Facilities
      • University Library
      • Gauß-IT-Zentrum
      • Professional and Personnel Development
      • International House
      • The Project House of the TU Braunschweig
      • Transfer Service
      • University Sports Center
      • Facilities from A to Z
    • Equal Opportunity Office
      • Equal Opportunity Office
      • Family
      • Diversity for Students
  • Search
  • Quicklinks
    • People Search
    • Webmail
    • cloud.TU Braunschweig
    • Messenger
    • Cafeteria
    • Courses
    • Stud.IP
    • Library Catalogue
    • IT Services
    • Information Portal (employees)
    • Link Collection
    • DE
    • EN
    • Instagram
    • YouTube
    • LinkedIn
    • Mastodon
    • Bluesky
Menu
  • Organisation
  • Faculties
  • Carl-Friedrich-Gauß-Fakultät
  • Institutes
  • Institute for Application Security
Logo Institut für Anwendungssicherheit der TU Braunschweig
CVEs and Media
  • Institute for Application Security
    • Team
    • Publications
    • Projects
    • Teaching
    • Rent a Laptop
    • Contact
    • CVEs and Media
    • LegoLab

CVEs and Media

Vulnerabilities

Several of our projects deal with questions on the security of software and consequently our research uncovers vulnerabilites, such as the ones listed below:

  • CVE-2022-36020: Typo3 HTML Sanitizer is vulnerable to XSS payloads enclosed in particular HTML comment combinations.

  • CVE-2022-23499: Typo3 HTML Sanitizer can be bypassed by embedding the payload in CDATA or by mutating out of RAWTEXT elements.

  • CVE-2023-23627: Ruby sanitize is affected by an mXSS vulnerability due to incorrectly parsing the noscript tag.

  • CVE-2023-38500: Typo3 HTML Sanitizer is affected by an mXSS vulnerability due to incorrectly parsing the noscript tag.

  • CVE-2023-43643: AntiSamy is affected by an mXSS vulnerability due to incorrectly parsing the noscript tag.

  • CVE-2023-51652: OWASP.AntiSamy is affected by an mXSS vulnerability due to incorrectly parsing the noscript tag.

  • CVE-2024-9392: Firefox is affected by a Site Isolation bypass vulnerability. A compromised renderer process could load documents from arbitrary sites.

  • CVE-2024-23635: AntiSamy is vulnerable to XSS payloads enclosed in malformed HTML comments.

  • 2024: Student Ziad Alhajjar got rewarded a bug bounty from Google. He discovered a vulnerability in Android during his master thesis work. He bypassed the Android permission system, leaking privacy-sensitive data.

Furthermore, we have uncovered and reported security vulnerabilities in numerous open source projects, e.g., DOMPurify or Hotcrp.

Media

Our research has been covered by popular media:

  • Marius has been interviewed on his research on Cryptojacking by Spiegel Online.
  • netzpolitik.org wrote about our mobile privacy research in collaboration with Datenanfragen.de e.V.
  • heise.de covered the German OWASP Day 2023 with a special focus on Simon's privacy talk.
  • Our work on HyTrack was covered by t-online (also via MSN) and Malte gave a radio interview at Radio38
Photo credits on this page

For All Visitors

Vacancies of TU Braunschweig
Career Service' Job Exchange 
Merchandising

For Students

Term Dates
Courses
Degree Programmes
Information for Freshman
TUCard

Internal Tools

Glossary (GER-EN)
Change your Personal Data

Contact

Technische Universität Braunschweig
Universitätsplatz 2
38106 Braunschweig

P. O. Box: 38092 Braunschweig
GERMANY

Phone: +49 (0) 531 391-0

Getting here

© Technische Universität Braunschweig
Legal Notice Privacy Accessibility

TU Braunschweig uses the software Matomo for anonymised web analysis. The data serve to optimise the web offer.
You can find more information in our data protection declaration.