Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2025/04/29 6:30 p.m.20 views

AngularJS improperly sanitizes SVG elements

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...

4.8CVSS6.6AI score0.00375EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/12/27 5:15 a.m.2 views

DEBIAN-CVE-2024-56519

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...

7.5CVSS5.2AI score0.00603EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/27 12:0 a.m.17 views

CVE-2024-56519

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...

0.00603EPSS
Exploits0References3
CVE
CVE
added 2024/12/27 12:0 a.m.86 views

CVE-2024-56519

TCPDF vulnerability CVE-2024-56519: setSVGStyles does not sanitize the SVG font-family attribute, enabling potential impact per CVSS 3.1/7.5 (HIGH) with network attack vector and no user interaction. Affected library: TCPDF prior to 6.8.0. Mitigation: upgrade to 6.8.0 or later when available. Deb...

7.5CVSS7AI score0.00603EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/11/18 1:1 p.m.6 views

SUSE-SU-2022:4075-1 Security update for rubygem-loofah

This update for rubygem-loofah fixes the following issues: - CVE-2019-15587: Fixed issue in sanitization of crafted SVG elements bsc1154751...

6.1CVSS5.9AI score0.01984EPSS
Exploits0References4
Rows per page
Query Builder