Svg-sanitizer Security Vulnerabilities


CVE-2022-23638

svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the svg-sanitizer library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround...

CVSS: 6.2, AI Score: 5.6, EPSS: 0.001

2022-02-14 09:15 PM

CVE-2020-11070

The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Albeit the markup is not valid it still is evaluated in browsers and leads to cross-site...

CVSS: 5.4, AI Score: 5, EPSS: 0.001

2020-05-13 07:15 PM

CVE-2019-10772

It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the...

CVSS: 6.1, AI Score: 6.2, EPSS: 0.001

2019-12-11 04:15 PM

CVE-2019-18856

A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is...

CVSS: 7.5, AI Score: 7.4, EPSS: 0.001

2019-11-11 03:15 PM

CVE-2019-18857

darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript :alert...

CVSS: 7.5, AI Score: 7.5, EPSS: 0.001

2019-11-11 03:15 PM