@mattkrick/sanitize-svg is vulnerable to Cross-Site Scripting (XSS). The package's deny-list pattern does not properly sanitize user input, which allows an attacker to inject and execute arbitrary JavaScript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | @mattkrick/sanitize-svg | le | 0.3.1 |