2 matches found
CVE-2025-55166 svg-sanitizer By-Passing Attribute Sanitization
savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. Thi...
PT-2024-9767
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 131.2 Firefox iOS affected versions not specified, but versions under 131.2 are known to be affected Description: The issue is related to the incorrect display of HTTPS indicators in the Firefox browser for...