3 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the SVG asset reupload. An attacker can execute arbitrary JavaScript in the context of users viewing the affected asset by uploading a specially crafted SVG file that bypasses sanitization. Details Cross-sit...
Statamic has Stored XSS via SVG Sanitization Bypass
Impact Stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and inject malicious JavaScript that executes when the asset is viewed. Patches This has been fixed in 5.73.14 and 6.7.0...
EUVD-2024-3371
Malicious code in bioql PyPI...