Lucene search
Veracode Vulnerability DatabaseVERACODE:38882HistoryJan 17, 2023 - 1:07 p.m.
Cross-Site Scripting (XSS)
2023-01-1713:07:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
cross-site scripting
xss
vulnerability
input sanitization
user inputs
javascript injection
software
0.001 Low
EPSS
Percentile
29.0%
@mattkrick/sanitize-svg is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to improper sanitization of user inputs in the deny-list-pattern which allows an attacker to inject and execute arbitrary JavaScript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @mattkrick/sanitize-svg | le | 0.3.1 | |
| @mattkrick/sanitize-svg | le | 0.3.1 |
Related
osv
osv
@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS)
2023-01-05 12:18:35
CVE-2023-22461
2023-01-04 15:15:09
github
github
@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS)
2023-01-05 12:18:35
cvelist
cvelist
CVE-2023-22461 sanitize-svg Filter Bypass Allows Cross-Site Scripting (XSS)
2023-01-04 14:57:04
prion
prion
Cross site scripting
2023-01-04 15:15:00
nvd
nvd
CVE-2023-22461
2023-01-04 15:15:09
cve
cve
CVE-2023-22461
2023-01-04 15:15:09