scratch-svg-renderer is vulnerable to cross-site scripting. An attacker is able to inject maliciously crafted sb3 file via the HTML DOM object model interface.
CPE | Name | Operator | Version |
---|---|---|---|
scratch-svg-renderer | le | 0.2.0-.20210727010830 | |
scratch-svg-renderer | le | 0.2.0-.20210727010830 |