Lucene search
K

4 matches found

Veracode
Veracode
added 2025/09/03 9:1 a.m.12 views

Cross-site Scripting (XSS)

enshrined/svg-sanitize is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the cleanXlinkHrefs method only checking lower-case attribute names, allowing bypass of the isHrefSafeValue check and enabling XSS or external domain linking...

5.1CVSS6.2AI score0.00454EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/08/12 8:20 p.m.1 views

GHSA-22WQ-Q86M-83FH svg-sanitizer Bypasses Attribute Sanitization

Problem The sanitization logic at https://github.com/darylldoyle/svg-sanitizer/blob/0.21.0/src/Sanitizer.phpL454-L481 only searches for lower-case attribute names e.g. xlink:href instead of xlink:HrEf, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting...

5.1CVSS6.6AI score0.00454EPSS
Exploits0References7
CVE
CVE
added 2025/08/12 4:25 p.m.21 views

CVE-2025-55166

The CVE-2025-55166 issue affects the PHP SVG sanitizer project svg-sanitizer. Before version 0.22.0, the cleanXlinkHrefs function only searches for lower-case attribute names, allowing bypass of the isHrefSafeValue check and enabling cross-site scripting or linking to external domains. A fix is a...

5.1CVSS6.5AI score0.00454EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.15 views

PT-2025-32689 · Unknown · Svg-Sanitizer

Name of the Vulnerable Software and Affected Versions: savg-sanitizer versions prior to 0.22.0 Description: savg-sanitizer is a PHP SVG/XML sanitizer. The sanitization logic in the cleanXlinkHrefs function only searches for lower-case attribute names, bypassing the isHrefSafeValue check. This...

5.1CVSS6.6AI score0.00454EPSS
Exploits0References10
Rows per page
Query Builder