Lucene search
GoogleOSV:GHSA-J977-G5VJ-J27GHistoryNov 09, 2020 - 2:21 p.m.
Cross-Site Scripting in scratch-svg-renderer
2020-11-0914:21:17
Google
osv.dev
5
0.006 Low
EPSS
Percentile
78.3%
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.
| CPE | Name | Operator | Version |
|---|---|---|---|
| scratch-svg-renderer | lt | 0.2.0-.20201019174008 |
Related
prion
prion
Code injection
2020-10-21 17:15:00
cvelist
cvelist
CVE-2020-7750 Cross-site Scripting (XSS)
2020-10-21 00:00:00
zdt
zdt
cve
cve
CVE-2020-7750
2020-10-21 17:15:13
osv
osv
CVE-2020-7750
2020-10-21 17:15:13
nvd
nvd
CVE-2020-7750
2020-10-21 17:15:13
nodejs
nodejs
Cross-Site Scripting in scratch-svg-renderer
2020-11-09 14:24:31
githubexploit
githubexploit
Exploit for Cross-site Scripting in Mit Scratch-Svg-Renderer
2020-12-08 13:40:01
github
github
Cross-Site Scripting in scratch-svg-renderer
2020-11-09 14:21:17
packetstorm
packetstorm
Scratch Desktop 3.17 Code Execution / Cross Site Scripting
2021-07-02 00:00:00
exploitdb
exploitdb
Scratch Desktop 3.17 - Remote Code Execution
2021-07-02 00:00:00