2040 matches found

Positive Technologies · added 2023/01/04 12:00 a.m. · 1 view

PT-2023-18514 · Unknown · Svg-Sanitizer

Name of the Vulnerable Software and Affected Versions: sanitize-svg versions prior to 0.4.0 Description: The sanitize-svg package uses a deny-list-pattern to sanitize SVGs and prevent cross-site scripting attacks. However, literal -tags and on-event handlers were detected in versions prior to...

CVSS 7.6 · AI score 6 · EPSS 0.00303
Exploits 1 · References 7

CNNVD · added 2022/12/27 12:00 a.m. · 3 views

memos cross-site scripting vulnerability

memos is an open source hosted memo center with knowledge management and social features. A cross-site scripting vulnerability exists in memos, which originates when a user uploads a file with the extension .svg and accesses it directly, the server responds with Content-type: image/svg+xml causin...

CVSS 8.3 · AI score 6.5 · EPSS 0.00336
Exploits 1 · References 3

OSV · added 2022/12/23 11:15 p.m. · 3 views

CVE-2022-40011

Typora through 1.3.8 allows XSS if a document containing an SVG element with an attacker-controlled onload attribute is exported and then used at a victim's origin...

CVSS 6.1 · AI score 5.8
Exploits 0 · References 4

CNNVD · added 2022/12/23 12:00 a.m. · 2 views

memos cross-site scripting vulnerability

memos is an open source hosted memo center with knowledge management and social features. A cross-site scripting vulnerability exists in versions of memos prior to 0.9.0, which stems from its Resource component that allows an attacker to upload a malicious svg file to enable cross-site scripting...

CVSS 7.1 · AI score 5.8 · EPSS 0.0023
Exploits 1 · References 3

OSV · added 2022/12/22 8:15 p.m. · 1 view

CVE-2022-28284

SVG's use element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with...

CVSS 8.8 · AI score 7.4
Exploits 0 · References 2

OSV · added 2022/12/14 5:15 p.m. · 0 views

UBUNTU-CVE-2022-23519

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's...

CVSS 7.2 · AI score 6.7 · EPSS 0.00181
Exploits 1 · References 4

CNNVD · added 2022/12/14 12:00 a.m. · 1 view

Loofah gem for Ruby security vulnerability

The Loofah gem for Ruby is a Ruby-based library for processing and transforming HTML/XML documents. A security vulnerability exists in Loofah gem for Ruby prior to version 2.19.1, which stems from the inclusion of an inefficient regular expression that is susceptible to excessive backtracking whe...

CVSS 7.5 · AI score 6.7 · EPSS 0.00286
Exploits 0 · References 4

Snyk · added 2022/12/13 5:36 p.m. · 3 views

Regular Expression Denial of Service (ReDoS)

Overview loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to containing an inefficient regular expression that is susceptible...

CVSS 7.5 · AI score 6.8 · EPSS 0.00286
Exploits 0 · References 2

Positive Technologies · added 2022/11/16 12:00 a.m. · 3 views

PT-2022-25291 · WordPress · Svg Support

Name of the Vulnerable Software and Affected Versions: SVG Support plugin for WordPress versions 2.5 through 2.5.1 Description: The SVG Support plugin for WordPress defaults to insecure settings, allowing authenticated attackers with author-level privileges and higher to upload malicious SVG file...

CVSS 6.4 · AI score 5.8 · EPSS 0.00162
Exploits 0 · References 5

CNNVD · added 2022/11/16 12:00 a.m. · 1 view

Zenario CMS cross-site scripting vulnerability

Zenario CMS is an open source application from Zenario that provides a web-based content management system. A cross-site scripting vulnerability exists in Zenario CMS version 9.3.57186, which can be exploited by attackers to conduct cross-site scripting (XSS) attacks via svg, Users, and Contacts...

CVSS 5.4 · AI score 5.5 · EPSS 0.00224
Exploits 1 · References 3

CNNVD · added 2022/11/16 12:00 a.m. · 2 views

WordPress plugin SVG Support cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. Cross-site scripting...

CVSS 6.4 · AI score 6.2 · EPSS 0.00162
Exploits 0 · References 4

Positive Technologies · added 2022/11/16 12:00 a.m. · 2 views

PT-2022-27100 · Unknown · Zenario Cms

Name of the Vulnerable Software and Affected Versions: Zenario CMS version 9.3.57186 Description: The issue is related to Cross Site Scripting XSS via svg in the Users & Contacts section. Recommendations: For Zenario CMS version 9.3.57186, consider disabling the svg functionality in the Users &...

CVSS 5.4 · AI score 5.2 · EPSS 0.00224
Exploits 1 · References 5

BDU FSTEC · added 2022/11/14 12:00 a.m. · 2 views

The vulnerability of the vector graphics editor CorelDRAW Graphics Suite (formerly CorelDRAW) lies in insufficient checking of the length of user data before it is copied to the stack-based buffer. This allows attackers to execute arbitrary code.

The vulnerability of the CorelDRAW Graphics Suite formerly CorelDRAW graphic editor lies in the insufficient checking of the length of user data before it is copied to the stack-based buffer during CGM-file syntax analysis. Exploiting this vulnerability allows an attacker to execute arbitrary cod...

CVSS 7.8 · AI score 7.9 · EPSS 0.00403
Exploits 0 · References 5

OSV · added 2022/11/11 4:15 p.m. · 1 view

UBUNTU-CVE-2022-3957

A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svgparsepreserveaspectratio of the file scenegraph/svgattributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the...

CVSS 6.5 · AI score 5.9 · EPSS 0.01038
Exploits 0 · References 3

CNNVD · added 2022/11/11 12:00 a.m. · 1 view

GPAC security vulnerability

GPAC is an open source multimedia framework. GPAC suffers from a security vulnerability that originates from an unknown function in the file scenegraph/svgattributes.c of the SVG Parser component, which can be exploited by an attacker to cause a memory leak by manipulating the...

CVSS 6.5 · AI score 7 · EPSS 0.01038
Exploits 0 · References 5

CNVD · added 2022/10/31 12:00 a.m. · 17 views

Corel CorelDRAW Graphics Suite buffer overflow vulnerability

Corel CorelDRAW Graphics Suite is a vector graphics creation tool from Corel. A buffer overflow vulnerability exists in Corel CorelDRAW Graphics Suite, which can be exploited by attackers to execute code in the context of the current process...

AI score 7.8 · EPSS 0.01523
Exploits 0 · Affected Software 1

CNVD · added 2022/10/31 12:00 a.m. · 16 views

Corel CorelDRAW Graphics Suite buffer overflow vulnerability (CNVD-2023-29427)

Corel CorelDRAW Graphics Suite is a vector graphics creation tool from Corel. A buffer overflow vulnerability exists in Corel CorelDRAW Graphics Suite, which can be exploited by attackers to execute code in the context of the current process...

AI score 7.8 · EPSS 0.00403
Exploits 0 · Affected Software 1

CNVD · added 2022/10/31 12:00 a.m. · 38 views

Corel CorelDRAW Graphics Suite buffer overflow vulnerability (CNVD-2023-29425)

Corel CorelDRAW Graphics Suite is a vector graphics creation tool from Corel. A buffer overflow vulnerability exists in Corel CorelDRAW Graphics Suite, which can be exploited by attackers to execute code in the context of the current process...

AI score 7.8 · EPSS 0.00403
Exploits 0 · Affected Software 1

OSV · added 2022/10/25 5:15 p.m. · 2 views

DEBIAN-CVE-2022-41704

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16...

CVSS 7.5 · AI score 7.5 · EPSS 0.00526
Exploits 0 · References 1

OSV · added 2022/10/25 5:15 p.m. · 1 view

DEBIAN-CVE-2022-42890

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16...

CVSS 7.5 · AI score 7.6 · EPSS 0.00541
Exploits 0 · References 1