Svg2Png
1 CVEs
product
Monthly
svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XSS
SSRF
Svg2Png
NVD
GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-11887
npm
EPSS 1%
CVSS 6.1
MEDIUM
POC
This Month
svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XSS
SSRF
Svg2Png
NVD
GitHub