Lucene search
UnknownNODEJS:1575HistoryNov 09, 2020 - 2:24 p.m.
Cross-Site Scripting in scratch-svg-renderer
2020-11-0914:24:31
Unknown
www.npmjs.com
29
0.006 Low
EPSS
Percentile
78.3%
Overview
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.
Recommendation
Upgrade to version 0.2.0-prerelease.20201019174008 or later.
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| scratch-svg-renderer | lt | 0.2.0-prerelease.20201019174008 |
Related
osv
osv
Cross-Site Scripting in scratch-svg-renderer
2020-11-09 14:21:17
CVE-2020-7750
2020-10-21 17:15:13
nvd
nvd
CVE-2020-7750
2020-10-21 17:15:13
githubexploit
githubexploit
Exploit for Cross-site Scripting in Mit Scratch-Svg-Renderer
2020-12-08 13:40:01
github
github
Cross-Site Scripting in scratch-svg-renderer
2020-11-09 14:21:17
packetstorm
packetstorm
Scratch Desktop 3.17 Code Execution / Cross Site Scripting
2021-07-02 00:00:00
prion
prion
Code injection
2020-10-21 17:15:00
cvelist
cvelist
CVE-2020-7750 Cross-site Scripting (XSS)
2020-10-21 00:00:00
zdt
zdt
cve
cve
CVE-2020-7750
2020-10-21 17:15:13
exploitdb
exploitdb
Scratch Desktop 3.17 - Remote Code Execution
2021-07-02 00:00:00