enshrined/svg-sanitize is vulnerable to cross-site scripting (XSS). The library does not validate that the value of the xlink:href attribute is safe before parsing it, allowing an attacker to inject a malicious script through that attribute.
CPE

Name | Operator | Version |
---|---|---|
enshrined/svg-sanitize | le | 0.13.0 |
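
A defender-side check for the issue described above, as an added example that is not code from enshrined/svg-sanitize or from this advisory: it parses an SVG and reports every xlink:href (or plain href) whose URL scheme is not on an allow-list. The function names, the allow-list contents and the sample SVG are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Assumed allow-list for this example; adjust it to what your application needs.
SAFE_SCHEMES = {"http", "https"}
# Conservatively drop control characters and whitespace before reading the
# scheme, because browsers ignore some of them when parsing a URL.
_IGNORED = re.compile(r"[\x00-\x20]+")


def href_is_safe(value):
    """True for fragments, relative references and allow-listed schemes."""
    cleaned = _IGNORED.sub("", value).lower()
    if cleaned.startswith("#"):
        return True  # same-document reference such as #shape
    match = re.match(r"([a-z][a-z0-9+.\-]*):", cleaned)
    if match is None:
        return True  # no scheme, so a relative reference
    return match.group(1) in SAFE_SCHEMES


def find_unsafe_hrefs(svg_text):
    """Return (element name, decoded attribute value) for each rejected link."""
    # The XML parser decodes character references first, so the check sees
    # the same value a browser would. ElementTree is not hardened against
    # entity-expansion attacks; cap input size before parsing untrusted files.
    root = ET.fromstring(svg_text)
    findings = []
    for element in root.iter():
        for name in (XLINK_HREF, "href"):
            value = element.get(name)
            if value is not None and not href_is_safe(value):
                findings.append((element.tag.rsplit("}", 1)[-1], value))
    return findings


# Constructed sample: two disguised script URLs, one fragment, one https link.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <a xlink:href="JaVa&#9;Script:void(0)"><text y="20">one</text></a>
  <a xlink:href="&#106;avascript:void(0)"><text y="40">two</text></a>
  <use xlink:href="#shape"/>
  <a xlink:href="https://example.com/"><text y="60">three</text></a>
</svg>"""

if __name__ == "__main__":
    for tag, value in find_unsafe_hrefs(SAMPLE_SVG):
        print(f"unsafe link on <{tag}>: {value!r}")
```

Running the same check on a sanitizer's output is a quick regression test after upgrading past the affected versions.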