t3g/svg-sanitizer is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript in a user’s browser via SVG markup due to lack of sanitization of the markup.
CPE | Name | Operator | Version |
---|---|---|---|
t3g/svg-sanitizer | le | 1.0.2 |