enshrined/svg-sanitize is vulnerable to cross-site scripting (XSS). The vulnerability exists due to the possible inclusion of
as a whitespace to bypass the regular expression used to detect scripts.
CPE | Name | Operator | Version |
---|---|---|---|
enshrined/svg-sanitize | le | 0.11.0 |