
4 matches found

Drupal
added 2022/03/09 12:0 a.m. | 13 views

SVG Formatter - Critical - Cross Site Scripting - SA-CONTRIB-2022-028

SVG Formatter module provides support for using SVG images on your website. Our dependency library enshrined/svg-sanitize has a cross-site scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with permission that enables them to upload SVG images...

AI score: 6
Exploits: 0 | References: 8
OSV
added 2020/03/04 5:6 p.m. | 3 views

DRUPAL-CONTRIB-2020-005

SVG Formatter module provides support for using SVG images on your website. This security release fixes third-party dependencies included in or required by SVG Formatter. XSS bypass using entities and tab. This vulnerability is mitigated by the fact that an attacker must be able to upload SVG fil...

AI score: 7
Exploits: 0 | References: 1
Drupal
added 2020/03/04 12:0 a.m. | 14 views

SVG Formatter - Critical - Cross site scripting - SA-CONTRIB-2020-005

SVG Formatter module provides support for using SVG images on your website. This security release fixes third-party dependencies included in or required by SVG Formatter. XSS bypass using entities and tab. This vulnerability is mitigated by the fact that an attacker must be able to upload SVG fil...

AI score: 6
Exploits: 0 | References: 7
Drupal
added 2018/05/09 12:0 a.m. | 14 views

SVG Formatter - Critical - Cross Site Scripting - SA-CONTRIB-2018-027

This module adds a new formatter for the file fields, which allows any file extension to be uploaded. The module doesn't sufficiently handle sanitization in the scenario of uploaded SVG files. This vulnerability is mitigated by the fact that an attacker must have a role with the permission create...

AI score: 6.5
Exploits: 0 | References: 6