Cross-site Scripting (XSS)

🗓️ 03 Sep 2025 09:01:06Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 1 Views

Enshrined/svg-sanitize has an XSS vulnerability from case-only href checks in cleanXlinkHrefs.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2025-55166	12 Aug 202510:23	–	circl
CNNVD	svg-sanitizer 输入验证错误漏洞	12 Aug 202500:00	–	cnnvd
CVE	CVE-2025-55166	12 Aug 202516:25	–	cve
Cvelist	CVE-2025-55166 svg-sanitizer By-Passing Attribute Sanitization	12 Aug 202516:25	–	cvelist
EUVD	EUVD-2025-24263	3 Oct 202520:07	–	euvd
Github Security Blog	svg-sanitizer Bypasses Attribute Sanitization	12 Aug 202520:20	–	github
NVD	CVE-2025-55166	12 Aug 202517:15	–	nvd
OSV	CVE-2025-55166 svg-sanitizer By-Passing Attribute Sanitization	12 Aug 202516:25	–	osv
OSV	GHSA-22WQ-Q86M-83FH svg-sanitizer Bypasses Attribute Sanitization	12 Aug 202520:20	–	osv
Positive Technologies	PT-2025-32689 · Unknown · Svg-Sanitizer	12 Aug 202500:00	–	ptsecurity

Vulners

Node

svg-sanitize enshrined/svg-sanitizeRange0.1.0–0.21.0php

svg-sanitize enshrined/svg-sanitizeMatch0.1.0php

svg-sanitize enshrined/svg-sanitizeMatch0.1.1php

svg-sanitize enshrined/svg-sanitizeMatch0.1.2php

svg-sanitize enshrined/svg-sanitizeMatch0.1.3php

svg-sanitize enshrined/svg-sanitizeMatch0.1.4php

svg-sanitize enshrined/svg-sanitizeMatch0.1.5php

svg-sanitize enshrined/svg-sanitizeMatch0.1.6php

svg-sanitize enshrined/svg-sanitizeMatch0.10.0php

svg-sanitize enshrined/svg-sanitizeMatch0.11.0php

svg-sanitize enshrined/svg-sanitizeMatch0.12.0php

svg-sanitize enshrined/svg-sanitizeMatch0.13.0php

svg-sanitize enshrined/svg-sanitizeMatch0.13.1php

svg-sanitize enshrined/svg-sanitizeMatch0.13.2php

svg-sanitize enshrined/svg-sanitizeMatch0.13.3php

svg-sanitize enshrined/svg-sanitizeMatch0.14.0php

svg-sanitize enshrined/svg-sanitizeMatch0.14.1php

svg-sanitize enshrined/svg-sanitizeMatch0.15.0php

svg-sanitize enshrined/svg-sanitizeMatch0.15.1php

svg-sanitize enshrined/svg-sanitizeMatch0.15.2php

svg-sanitize enshrined/svg-sanitizeMatch0.15.3php

svg-sanitize enshrined/svg-sanitizeMatch0.15.4php

svg-sanitize enshrined/svg-sanitizeMatch0.16.0php

svg-sanitize enshrined/svg-sanitizeMatch0.17.0php

svg-sanitize enshrined/svg-sanitizeMatch0.18.0php

svg-sanitize enshrined/svg-sanitizeMatch0.19.0php

svg-sanitize enshrined/svg-sanitizeMatch0.2.0php

svg-sanitize enshrined/svg-sanitizeMatch0.2.1php

svg-sanitize enshrined/svg-sanitizeMatch0.20.0php

svg-sanitize enshrined/svg-sanitizeMatch0.3.0php

svg-sanitize enshrined/svg-sanitizeMatch0.4.0php

svg-sanitize enshrined/svg-sanitizeMatch0.4.1php

svg-sanitize enshrined/svg-sanitizeMatch0.5.0php

svg-sanitize enshrined/svg-sanitizeMatch0.5.1php

svg-sanitize enshrined/svg-sanitizeMatch0.5.2php

svg-sanitize enshrined/svg-sanitizeMatch0.5.3php

svg-sanitize enshrined/svg-sanitizeMatch0.5.3.1php

svg-sanitize enshrined/svg-sanitizeMatch0.6.0php

svg-sanitize enshrined/svg-sanitizeMatch0.7.0php

svg-sanitize enshrined/svg-sanitizeMatch0.7.1php

svg-sanitize enshrined/svg-sanitizeMatch0.7.2php

svg-sanitize enshrined/svg-sanitizeMatch0.8.0php

svg-sanitize enshrined/svg-sanitizeMatch0.8.1php

svg-sanitize enshrined/svg-sanitizeMatch0.8.2php

svg-sanitize enshrined/svg-sanitizeMatch0.9.0php

svg-sanitize enshrined/svg-sanitizeMatch0.9.1php

svg-sanitize enshrined/svg-sanitizeMatch0.9.2php

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-55166
github	www.github.com/darylldoyle/svg-sanitizer/commit/5a0a1eaf0c6b0b540dc945fe30c93cf106b357c1
github	www.github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-22wq-q86m-83fh
github	www.github.com/darylldoyle/svg-sanitizer/commit/0afa95ea74be155a7bcd6c6fb60c276c39984500
github	www.github.com/darylldoyle/svg-sanitizer/releases/tag/0.22.0
github	www.github.com/darylldoyle/svg-sanitizer/blob/0.21.0/src/Sanitizer.php
github	www.github.com/darylldoyle/svg-sanitizer

13 Dec 2025 05:23Current

6.2Medium risk

Vulners AI Score6.2

CVSS 45.1

EPSS0.00079

SSVC