Lucene search
OpenJS FoundationFRIENDSOFPHP:ENSHRINEDHistoryFeb 15, 2022 - 1:54 a.m.
A cross-site scripting vulnerability
2022-02-1501:54:00
OpenJS Foundation
github.com
10
cross-site scripting
html elements
cdata section
EPSS
0.001
Percentile
27.5%
Description Impact SVG sanitizer library before version 0.15.0 did not remove HTML elements wrapped in a CDATA section. As a result, SVG content embedded in HTML (fetched as text/html) was susceptible to cross-site scripting. Plain SVG files (fetched as image/svg+xml) were not affected. Patches This issue is fixed in 0.15.0 and higher. Workarounds There is currently no workaround available without upgrading. For more information If you have any questions or comments about this advisory: Open an issue in Github Email us at [email protected] References GHSA-fqx8-v33p-4qcc darylldoyle/svg-sanitizer@17e12ba https://nvd.nist.gov/vuln/detail/CVE-2022-23638 darylldoyle/svg-sanitizer#71
Related
openvas
openvas
TYPO3 SVG Sanitizer Vulnerability (TYPO3-PSA-2022-001)
2022-02-25 00:00:00
cve
cve
CVE-2022-23638
2022-02-14 21:15:09
typo3
typo3
Sanitization bypass in SVG Sanitizer
2022-02-22 00:00:00
prion
prion
Cross site scripting
2022-02-14 21:15:00
cvelist
cvelist
CVE-2022-23638 Cross-site Scripting in svg-sanitizer
2022-02-14 21:10:10
nessus
nessus
veracode
veracode
Cross-site Scripting (XSS)
2022-02-15 07:00:19
github
github
Cross-site Scripting in enshrined/svg-sanitize
2022-02-14 22:54:18
friendsofphp
friendsofphp
A cross-site scripting vulnerability
2022-02-15 01:54:00
nvd
nvd
CVE-2022-23638
2022-02-14 21:15:09
ubuntucve
ubuntucve
CVE-2022-23638
2022-02-14 00:00:00
freebsd
freebsd
typo3 -- XSS vulnerability in svg-sanitize
2022-02-22 00:00:00
osv
osv
Cross-site Scripting in enshrined/svg-sanitize
2022-02-14 22:54:18
CVE-2022-23638
2022-02-14 21:15:09