11 matches found
EUVD-2022-0650
Malicious code in bioql PyPI...
CVE-2020-11887
svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document...
@0x6368656174/wp-builder (>=1.0.8 <=1.2.1), @beezyinc/dr-svg-sprites-bz (>=0.9.33 <=1.0.4) +326 more potentially affected by CVE-2020-11887 via svg2png (>=1.0.0 <=4.1.1)
svg2png NPM version =1.0.0, =1.0.8, =0.9.33, =0.9.33, =5.2.0, =0.4.25, =0.0.23, =0.1.0, =1.0.0, =0.0.3, =0.0.1, =6.0.0-rc1, =0.5.1, =0.0.9, =0.2.2 and more Source cves: CVE-2020-11887 Source advisory: OSV:GHSA-MPP5-2X55-49XW...
GHSA-MPP5-2X55-49XW XSS in svg2png (NPM package)
svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document...
XSS in svg2png (NPM package)
svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document...
Cross-site Scripting (XSS)
svg2png is vulnerable to cross-site scripting XSS. The attack exists because it renders XML snippet using phantomjs directly into an image without sanitizing it, allowing an attacker to inject arbitrary script inside SVG document...
CVE-2020-11887
svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document...
CVE-2020-11887
svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document...
Cross site scripting
svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document...
CVE-2020-11887
svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document...
CVE-2020-11887
svg2png 4.1.1 contains a vulnerability that allows cross-site scripting (XSS) with resultant SSRF via JavaScript inside an SVG document. The issue is documented across multiple sources (NVD, Red Hat, Veracode, OSV, GHSA, CNVD, etc.). Affected component is the SVG rendering/processing in svg2png; ...