CVE-2020-11070

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-11070

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11070.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-11070

Aliases

GHSA-59cf-m7v5-wh5w

Published

2020-05-13T19:15:11Z

Modified

2024-05-14T07:31:52.695347Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Albeit the markup is not valid it still is evaluated in browsers and leads to cross-site scripting. This is fixed in version 1.0.3.

References

https://github.com/TYPO3GmbH/svg_sanitizer/security/advisories/GHSA-59cf-m7v5-wh5w

Affected packages

Git / github.com/typo3gmbh/svg_sanitizer

Affected ranges

Type: GIT
Repo: https://github.com/typo3gmbh/svg_sanitizer
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4e37139377cd8f2c3e46ab62059965fe785d5109

Affected versions

1.*

1.0.2

v1.*

v1.0.0

v1.0.1