svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the svg-sanitizer library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.
svg-sanitizer
{ "binaries": [ { "binary_name": "spip", "binary_version": "4.0.4-1" } ] }
{ "binaries": [ { "binary_name": "spip", "binary_version": "4.2.9+dfsg-2" } ] }
{ "binaries": [ { "binary_name": "spip", "binary_version": "4.3.8+dfsg-1" } ] }