Svg-sanitizer Security Vulnerabilities and Issues — Svg-sanitizer CVE List

Lucene search

Svg-sanitizer ProjectSvg-sanitizer

3 matches found

CVE•added 2022/02/14 9:15 p.m.•150 views

CVE-2022-23638

svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the svg-sanitizer library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.

6.2CVSS5.7AI score0.00093EPSS

CVE•added 2019/12/11 4:15 p.m.•46 views

CVE-2019-10772

It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer.

6.1CVSS6.2AI score0.00159EPSS

CVE•added 2019/11/11 3:15 p.m.•41 views

CVE-2019-18857

darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript :alert substring.

7.5CVSS7.5AI score0.00344EPSS