7 matches found
EUVD-2025-24263
Malicious code in bioql PyPI...
CVE-2025-55166
savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. Thi...
CVE-2025-55166
savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. Thi...
CVE-2025-55166
The CVE-2025-55166 issue affects the PHP SVG sanitizer project svg-sanitizer. Before version 0.22.0, the cleanXlinkHrefs function only searches for lower-case attribute names, allowing bypass of the isHrefSafeValue check and enabling cross-site scripting or linking to external domains. A fix is a...
CVE-2025-55166 svg-sanitizer By-Passing Attribute Sanitization
savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. Thi...
PT-2025-32689 · Unknown · Svg-Sanitizer
Name of the Vulnerable Software and Affected Versions: savg-sanitizer versions prior to 0.22.0 Description: savg-sanitizer is a PHP SVG/XML sanitizer. The sanitization logic in the cleanXlinkHrefs function only searches for lower-case attribute names, bypassing the isHrefSafeValue check. This...
PT-2023-21712 · Unknown · Svg-Sanitizer
Name of the Vulnerable Software and Affected Versions: savg-sanitizer versions prior to 0.16.0 Description: A bypass has been found in the savg-sanitizer library that allows an attacker to upload an SVG with persistent cross-site scripting. The issue arises from incorrect sanitization of HTML...