Lucene search
+L

4 matches found

veracode
veracode
added 2025/09/03 9:1 a.m.15 views

Cross-site Scripting (XSS)

enshrined/svg-sanitize is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the cleanXlinkHrefs method only checking lower-case attribute names, allowing bypass of the isHrefSafeValue check and enabling XSS or external domain linking...

5.1CVSS6.2AI score0.00454EPSS
Exploits0References7Affected Software1
osv
osv
added 2025/08/12 8:20 p.m.3 views

GHSA-22WQ-Q86M-83FH svg-sanitizer Bypasses Attribute Sanitization

Problem The sanitization logic at https://github.com/darylldoyle/svg-sanitizer/blob/0.21.0/src/Sanitizer.phpL454-L481 only searches for lower-case attribute names e.g. xlink:href instead of xlink:HrEf, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting...

5.1CVSS6.6AI score0.00454EPSS
Exploits0References7
cve
cve
added 2025/08/12 4:25 p.m.23 views

CVE-2025-55166

The CVE-2025-55166 issue affects the PHP SVG sanitizer project svg-sanitizer. Before version 0.22.0, the cleanXlinkHrefs function only searches for lower-case attribute names, allowing bypass of the isHrefSafeValue check and enabling cross-site scripting or linking to external domains. A fix is a...

5.1CVSS6.5AI score0.00454EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/08/12 12:0 a.m.15 views

PT-2025-32689 · Unknown · Svg-Sanitizer

Name of the Vulnerable Software and Affected Versions: savg-sanitizer versions prior to 0.22.0 Description: savg-sanitizer is a PHP SVG/XML sanitizer. The sanitization logic in the cleanXlinkHrefs function only searches for lower-case attribute names, bypassing the isHrefSafeValue check. This...

5.1CVSS6.6AI score0.00454EPSS
Exploits0References10
Rows per page
Query Builder