github.com/imgproxy/imgproxy is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the `Satitize` function in `svg.go` does not sanitize the `use` tags in SVG files, which allows an attacker to inject and execute malicious JavaScript.
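
A check a service can run on SVGs before serving them, as an added example (not imgproxy's code and not its fix): it lists `use` references that point outside the document. The function name `unsafeUseRefs`, the sample SVG and the policy of allowing only same-document `#id` references are assumptions made for this example.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"io"
	"strings"
)

// unsafeUseRefs returns the href values of <use> elements that point outside
// the current document. Policy assumed for this example: only same-document
// fragment references ("#id") are acceptable.
func unsafeUseRefs(svg string) ([]string, error) {
	var bad []string
	dec := xml.NewDecoder(strings.NewReader(svg))
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return bad, nil
		}
		if err != nil {
			return nil, err // malformed SVG: caller should reject it
		}
		el, ok := tok.(xml.StartElement)
		if !ok || !strings.EqualFold(el.Name.Local, "use") {
			continue
		}
		for _, a := range el.Attr {
			// Covers both href and xlink:href (Local is "href" for each).
			if !strings.EqualFold(a.Name.Local, "href") {
				continue
			}
			if ref := strings.TrimSpace(a.Value); !strings.HasPrefix(ref, "#") {
				bad = append(bad, ref)
			}
		}
	}
}

// Constructed sample: one local reference, one external reference.
const sampleSVG = `<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <defs><circle id="dot" r="4"/></defs>
  <use href="#dot"/>
  <use xlink:href="https://example.invalid/sprite.svg#icon"/>
</svg>`

func main() {
	refs, err := unsafeUseRefs(sampleSVG)
	fmt.Println(refs, err)
}
```

A non-empty result or a parse error is a reason to reject the file or strip the reported `use` elements before it reaches a browser.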
| CPE | Name | Operator | Version |
|---|---|---|---|
| | github.com/imgproxy/imgproxy | le | v3.13.2 |