2 matches found
CVE-2024-13286
Summary: CVE-2024-13286 affects Drupal SVG Embed and is caused by improper input neutralization during web page generation, enabling cross-site scripting (XSS). Affected software: Drupal SVG Embed modules versions from 0.0.0 up to before 2.1.2. Root cause: Inadequate sanitization of SVG content e...
SVG Embed - Moderately critical - Cross site scripting - SA-CONTRIB-2024-050
This module enables you to embed the content of an SVG file into the body html of a node and optionally allows to translate text contained within the image. The module doesn't sufficiently sanitize the SVG file before embedding it into the html. This vulnerability is mitigated by the fact that an...