4 matches found
SVG Formatter - Critical - Cross Site Scripting - SA-CONTRIB-2022-028
SVG Formatter module provides support for using SVG images on your website. Our dependency library enshrined/svg-sanitize has a cross-site scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with permission that enables them to upload SVG images...
DRUPAL-CONTRIB-2020-005
SVG Formatter module provides support for using SVG images on your website. This security release fixes third-party dependencies included in or required by SVG Formatter. XSS bypass using entities and tab. This vulnerability is mitigated by the fact that an attacker must be able to upload SVG fil...
SVG Formatter - Critical - Cross site scripting - SA-CONTRIB-2020-005
SVG Formatter module provides support for using SVG images on your website. This security release fixes third-party dependencies included in or required by SVG Formatter. XSS bypass using entities and tab. This vulnerability is mitigated by the fact that an attacker must be able to upload SVG fil...
SVG Formatter - Critical - Cross Site Scripting - SA-CONTRIB-2018-027
This module adds a new formatter for the file fields, which allows any file extension to be uploaded. The module doesn't sufficiently handle sanitization under the scenario uploaded SVG files. This vulnerability is mitigated by the fact that an attacker must have a role with the permission create...