42 matches found
Cross-Site Scripting
Overview Versions of react-svg before 2.2.18 are vulnerable to cross-site scripting xss. This is due to the fact that scripts found in SVG files are run by default. Recommendation Update to version 2.2.18 or later. References - GitHub PR 57 - GitHub Advisory...
Cross-site Scripting (XSS)
react-svg is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the default configuration of allowing scripts to be evaluated, despite being documented otherwise, allowing malicious scripts to be executed when rendered...