Lucene search
GoogleOSV:GHSA-59CF-M7V5-WH5WHistoryMay 13, 2020 - 10:17 p.m.
Cross-Site Scripting in SVG Sanitizer
2020-05-1322:17:34
Google
osv.dev
7
0.001 Low
EPSS
Percentile
21.2%
Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Albeit the markup is not valid it still is evaluated in browsers and leads to cross-site scripting.
An updated version 1.0.3 is available from the TYPo3 extension manager and at https://extensions.typo3.org/extension/download/svg_sanitizer/1.0.3/zip/
Users of the extension are advised to update the extension as soon as possible.
| CPE | Name | Operator | Version |
|---|---|---|---|
| t3g/svg-sanitizer | eq | 1.0.1 | |
| t3g/svg-sanitizer | eq | 1.0.2 | |
| t3g/svg-sanitizer | eq | 1.0.0 |
Related
osv
osv
CVE-2020-11070
2020-05-13 19:15:11
typo3
typo3
Cross-Site Scripting in "SVG Sanitizer" (svg_sanitizer)
2020-05-12 00:00:00
cve
cve
CVE-2020-11070
2020-05-13 19:15:11
cvelist
cvelist
CVE-2020-11070 Cross-Site Scripting in SVG Sanitizer
2020-05-13 18:40:11
github
github
Cross-Site Scripting in SVG Sanitizer
2020-05-13 22:17:34
veracode
veracode
Cross-Site Scripting (XSS)
2020-05-14 03:58:42
prion
prion
Cross site scripting
2020-05-13 19:15:00
nvd
nvd
CVE-2020-11070
2020-05-13 19:15:11