6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.4%
It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the “xlink:href” attribute due to mishandling of the xlink namespace by the sanitizer.
snyk.io/vuln/SNYK-PHP-ENSHRINEDSVGSANITIZE-536969