Cross-site Scripting (XSS)
enshrined/svg-sanitize is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the cleanXlinkHrefs method only checking lower-case attribute names, allowing bypass of the isHrefSafeValue check and enabling XSS or external domain linking...