Lucene search
PRIOn knowledge basePRION:CVE-2023-22461HistoryJan 04, 2023 - 3:15 p.m.
Cross site scripting
2023-01-0415:15:00
PRIOn knowledge base
www.prio-n.com
2
sanitize-svg
svg sanitizer
deny-list-pattern
xss
vulnerability
0.001 Low
EPSS
Percentile
29.0%
The sanitize-svg package, a small SVG sanitizer to prevent cross-site scripting attacks, uses a deny-list-pattern to sanitize SVGs to prevent XSS. In doing so, literal <script>-tags and on-event handlers were detected in versions prior to 0.4.0. As a result, downstream software that relies on sanitize-svg and expects resulting SVGs to be safe, may be vulnerable to cross-site scripting. This vulnerability was addressed in v0.4.0. There are no known workarounds
| CPE | Name | Operator | Version |
|---|---|---|---|
| sanitize-svg | lt | 0.4.0 |
Related
osv
osv
@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS)
2023-01-05 12:18:35
CVE-2023-22461
2023-01-04 15:15:09
github
github
@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS)
2023-01-05 12:18:35
veracode
veracode
Cross-Site Scripting (XSS)
2023-01-17 13:07:37
cvelist
cvelist
CVE-2023-22461 sanitize-svg Filter Bypass Allows Cross-Site Scripting (XSS)
2023-01-04 14:57:04
nvd
nvd
CVE-2023-22461
2023-01-04 15:15:09
cve
cve
CVE-2023-22461
2023-01-04 15:15:09