Skip to main content

Svg Sanitizer

4 CVEs product

Monthly

CVE-2020-11070 PHP MEDIUM PATCH This Month

The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Svg Sanitizer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-10772 PHP MEDIUM POC PATCH This Month

It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Svg Sanitizer
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-18857 PHP HIGH PATCH This Week

darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Svg Sanitizer
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-18856 HIGH PATCH This Week

A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Denial Of Service Svg Sanitizer
NVD
CVSS 3.1
7.5
EPSS
1.4%
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Svg Sanitizer
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Svg Sanitizer
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Svg Sanitizer
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Denial Of Service Svg Sanitizer
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy