Lucene search
+L

7 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-24263

Malicious code in bioql PyPI...

5.1CVSS6.3AI score0.00454EPSS
Exploits0References6
redhatcve
redhatcve
added 2025/08/14 4:54 p.m.6 views

CVE-2025-55166

savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. Thi...

5.1CVSS6.6AI score0.00454EPSS
Exploits0References1
nvd
nvd
added 2025/08/12 5:15 p.m.4 views

CVE-2025-55166

savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. Thi...

5.1CVSS0.00454EPSS
Exploits0References2
cve
cve
added 2025/08/12 4:25 p.m.23 views

CVE-2025-55166

The CVE-2025-55166 issue affects the PHP SVG sanitizer project svg-sanitizer. Before version 0.22.0, the cleanXlinkHrefs function only searches for lower-case attribute names, allowing bypass of the isHrefSafeValue check and enabling cross-site scripting or linking to external domains. A fix is a...

5.1CVSS6.5AI score0.00454EPSS
Exploits0References2
osv
osv
added 2025/08/12 4:25 p.m.4 views

CVE-2025-55166 svg-sanitizer By-Passing Attribute Sanitization

savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. Thi...

5.1CVSS6AI score0.00454EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2025/08/12 12:0 a.m.15 views

PT-2025-32689 · Unknown · Svg-Sanitizer

Name of the Vulnerable Software and Affected Versions: savg-sanitizer versions prior to 0.22.0 Description: savg-sanitizer is a PHP SVG/XML sanitizer. The sanitization logic in the cleanXlinkHrefs function only searches for lower-case attribute names, bypassing the isHrefSafeValue check. This...

5.1CVSS6.6AI score0.00454EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2023/03/20 12:0 a.m.5 views

PT-2023-21712 · Unknown · Svg-Sanitizer

Name of the Vulnerable Software and Affected Versions: savg-sanitizer versions prior to 0.16.0 Description: A bypass has been found in the savg-sanitizer library that allows an attacker to upload an SVG with persistent cross-site scripting. The issue arises from incorrect sanitization of HTML...

5.3CVSS9AI score
Exploits0References10
Rows per page
Query Builder