Nextcloud: SVG filter primitives bypass remote image blocking, enabling email tracking without consent.

A vulnerability was discovered in the HTML sanitizer of the Roundcube webmail application. The sanitizer did not properly handle the SVG filter primitive, allowing external resources to be loaded even when the "Block remote images" setting was enabled. This vulnerability could be used to track...