GHSA-59cf-m7v5-wh5w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-59cf-m7v5-wh5w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/05/GHSA-59cf-m7v5-wh5w/GHSA-59cf-m7v5-wh5w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-59cf-m7v5-wh5w
- Aliases
- Published
- 2020-05-13T22:17:34Z
- Modified
- 2023-11-08T04:02:04.756649Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Cross-Site Scripting in SVG Sanitizer
- Details
-
Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Albeit the markup is not valid it still is evaluated in browsers and leads to cross-site scripting.
An updated version 1.0.3 is available from the TYPo3 extension manager and at https://extensions.typo3.org/extension/download/svg_sanitizer/1.0.3/zip/ Users of the extension are advised to update the extension as soon as possible.
- Database specific
{ "nvd_published_at": null, "github_reviewed_at": "2020-05-13T18:39:24Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }- References
Affected packages
Packagist / t3g/svg-sanitizer
Package
- Name
- t3g/svg-sanitizer
- Purl
- pkg:composer/t3g/svg-sanitizer