Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Svg-sanitizer Project Subscribe
Filtered by product Svg-sanitizer
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-23638 1 Svg-sanitizer Project 1 Svg-sanitizer 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.
CVE-2019-18857 1 Svg-sanitizer Project 1 Svg-sanitizer 2024-02-28 5.0 MEDIUM 7.5 HIGH
darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring.
CVE-2019-10772 1 Svg-sanitizer Project 1 Svg-sanitizer 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer.

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024