darylldoyle/svg-sanitizer on GitHub
A PHP SVG/XML Sanitizer
CVE History
CVE | Published | CVSS v2 | CVSS v3 |
---|---|---|---|
CVE-2023-28426 | N/A | N/A | |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: GHSA-xrqq-wqh4-5hg2. Reason: Further investigation showed that this CVE was assigned in error. Notes: See https://github.com/darylldoyle/svg-sanitizer/issues/88 for a technical discussion. | |||
CVE-2022-23638 | 6.1 MEDIUM | 4.3 MEDIUM | |
svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available. | |||
CVE-2019-18857 | 7.5 HIGH | 5 MEDIUM | |
darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring. |