TYPO3GmbH/svg_sanitizer

Releases4

Frequency1 month 2 weeks

Last Release about 6 years ago

Stars3

This extension sanitize every SVG file which is uploaded to the TYPO3 System but only for the default options.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-11070 ↗	May 13, 2020Wednesday, 13 May 2020, 19:15	5.4 MEDIUM	3.5 LOW
The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Albeit the markup is not valid it still is evaluated in browsers and leads to cross-site scripting. This is fixed in version 1.0.3.