Cross-site Scripting (XSS)
Overview scratch-svg-renderer is a SVG renderer for Scratch Affected versions of this package are vulnerable to Cross-site Scripting XSS. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function. Detai...