4 matches found
FreeBSD : typo3 -- XSS vulnerability in svg-sanitize (0eab001a-9708-11ec-96c9-589cfc0f81b0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0eab001a-9708-11ec-96c9-589cfc0f81b0 advisory. - svg-sanitizer is an SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all...
typo3 -- XSS vulnerability in svg-sanitize
The TYPO3 project reports: The SVG sanitizer library enshrined/svg-sanitize before version 0.15.0 did not remove HTML elements wrapped in a CDATA section. As a result, SVG content embedded in HTML fetched as text/html was susceptible to cross-site scripting. Plain SVG files fetched as image/svg+x...
XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes
enshrined/svg-sanitize before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript:alert substring...
CVE-2019-10772
It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer...