
19 matches found

Snyk
added 2025/10/08 12:36 a.m. | 2 views

Malicious Package

Overview: zenith.svg-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS: 9.8 | AI score: 6.8
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-2379

Malicious code in bioql PyPI...

CVSS: 7.1 | AI score: 6.1 | EPSS: 0.00159
Exploits: 0 | References: 6
OSSF Malicious Packages
added 2025/09/26 5:27 p.m. | 2 views

Malicious code in zenith.svg-loader (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f7d2ffc7aca71791695515d2f4c7d4cd7dae2e7767777a5a18bed84f9d94e7f Any computer that has this package installed or running should be considered...

AI score: 6.8
Exploits: 0 | References: 1
OSV
added 2025/09/26 5:27 p.m. | 1 views

MAL-2025-47866 Malicious code in zenith.svg-loader (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f7d2ffc7aca71791695515d2f4c7d4cd7dae2e7767777a5a18bed84f9d94e7f Any computer that has this package installed or running should be considered...

AI score: 6.8
Exploits: 0 | References: 1
Veracode
added 2023/08/16 2:55 a.m. | 16 views

Cross-site Scripting (XSS)

external-svg-loader is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of input sanitization in the renderBody function of svg-loader.js, which allows an attacker to inject and execute malicious JavaScript through a maliciously crafted SVG...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00159
Exploits: 0 | References: 5 | Affected Software: 1
Github Security Blog
added 2023/08/14 9:32 p.m. | 13 views

external-svg-loader Cross-site Scripting vulnerability

Summary: According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons, but the input sanitization logic is not sufficient and can be trivially bypassed. This allows an attacker to craft a malicious SVG which can result in XSS. Details: When trying to...

CVSS: 7.1 | AI score: 6.3 | EPSS: 0.00159
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2023/08/14 9:32 p.m. | 1 views

GHSA-XC2R-JF2X-GJR8 external-svg-loader Cross-site Scripting vulnerability

Summary: According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons, but the input sanitization logic is not sufficient and can be trivially bypassed. This allows an attacker to craft a malicious SVG which can result in XSS. Details: When trying to...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00159
Exploits: 0 | References: 6
vulnersOsv
added 2023/08/14 9:32 p.m. | 0 views

@maggioli-design-system/mds-icon (=2.0.0-rc.1), esto-es-una-prueba-ui-components (=1.0.0) potentially affected by CVE-2023-40013 via external-svg-loader (>=1.4.0 <=1.6.8)

external-svg-loader NPM version >=1.4.0, <=1.6.8 is affected by a known vulnerability. The following packages have a transitive dependency on external-svg-loader and may be impacted: - @maggioli-design-system/mds-icon =2.0.0-rc.1 - esto-es-una-prueba-ui-components =1.0.0 Source cves: CVE-2023-40013...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00159
Exploits: 0
NVD
added 2023/08/14 9:15 p.m. | 15 views

CVE-2023-40013

SVG Loader is a javascript library that fetches SVGs using XMLHttpRequests and injects the SVG code in the tag's place. According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons but the input sanitization logic is not sufficient and can be trivial...

CVSS: 7.1 | AI score: 6.6 | EPSS: 0.00159
Exploits: 0 | References: 4
Prion
added 2023/08/14 9:15 p.m. | 8 views

Cross site scripting

SVG Loader is a javascript library that fetches SVGs using XMLHttpRequests and injects the SVG code in the tag's place. According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons but the input sanitization logic is not sufficient and can be trivial...

CVSS: 4.9 | AI score: 5.2 | EPSS: 0.00159
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2023/08/14 8:10 p.m. | 65 views

CVE-2023-40013

CVE-2023-40013 affects the external-svg-loader / SVG Loader JS library. The vulnerability arises from insufficient input sanitization when injecting fetched SVGs, allowing crafted SVGs to bypass sanitization and trigger Cross-site Scripting (XSS). Affected behavior: external sites that accept use...

CVSS: 7.1 | AI score: 5.9 | EPSS: 0.00159
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2023/08/14 8:10 p.m. | 9 views

CVE-2023-40013 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in external-svg-loader

SVG Loader is a javascript library that fetches SVGs using XMLHttpRequests and injects the SVG code in the tag's place. According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons but the input sanitization logic is not sufficient and can be trivial...

CVSS: 7.1 | AI score: 6.6 | EPSS: 0.00159
Exploits: 0 | References: 4
OSV
added 2023/08/14 8:10 p.m. | 14 views

CVE-2023-40013 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in external-svg-loader

SVG Loader is a javascript library that fetches SVGs using XMLHttpRequests and injects the SVG code in the tag's place. According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons but the input sanitization logic is not sufficient and can be trivial...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00159
Exploits: 0 | References: 6
OSV
added 2022/06/20 8:13 p.m. | 5 views

MAL-2022-6264 Malicious code in spr-svg-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a0110f4b8f50e4633d5a315a6d446989ffe4e78d529a0d9aaa01a59d28229d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2022/06/20 8:13 p.m. | 2 views

Malicious code in spr-svg-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a0110f4b8f50e4633d5a315a6d446989ffe4e78d529a0d9aaa01a59d28229d4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0 | References: 1
Tenable Nessus
added 2016/05/09 12:0 a.m. | 48 views

openSUSE Security Update : ImageMagick (openSUSE-2016-574) (ImageTragick)

This update for ImageMagick fixes the following issues : Security issues fixed : - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled by default but can be re-enabled by editing '/etc/ImageMagick-/policy.xml' bsc978061 - CVE-2016-3714: Insufficien...

CVSS: 10 | AI score: 6.7 | EPSS: 0.93622
Exploits: 13 | References: 6
OpenVAS
added 2016/05/08 12:0 a.m. | 32 views

SUSE: Security Advisory for ImageMagick (SUSE-SU-2016:1260-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 10 | AI score: 6.2 | EPSS: 0.93622
Exploits: 13 | References: 3
OPENSUSE Linux
added 2016/05/07 6:7 p.m. | 54 views

Security update for ImageMagick (important)

This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled by default but can be re-enabled by editing "/etc/ImageMagick-/policy.xml" bsc978061 - CVE-2016-3714: Insufficient...

CVSS: 10 | AI score: 1.6 | EPSS: 0.93622
Exploits: 13 | References: 1
OSV
added 2016/05/07 7:45 a.m. | 9 views

SUSE-SU-2016:1260-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled by default but can be re-enabled by editing '/etc/ImageMagick-/policy.xml' bsc978061 - CVE-2016-3714: Insufficient...

CVSS: 10 | AI score: 6.8 | EPSS: 0.93622
Exploits: 13 | References: 7