Lucene search
TYPO3 AssociationTYPO3-PSA-2022-001HistoryFeb 22, 2022 - 12:00 a.m.
Sanitization bypass in SVG Sanitizer
2022-02-2200:00:00
TYPO3 Association
typo3.org
28
svg sanitizer
html elements
cdata section
cross-site scripting
EPSS
0.001
Percentile
27.5%
The SVG sanitizer library enshrined/svg-sanitize before version 0.15.0 did not remove HTML elements wrapped in a CDATA section. As a result, SVG content embedded in HTML (fetched as text/html) was susceptible to cross-site scripting. Plain SVG files (fetched as image/svg+xml) were not affected.
Related
openvas
openvas
TYPO3 SVG Sanitizer Vulnerability (TYPO3-PSA-2022-001)
2022-02-25 00:00:00
cve
cve
CVE-2022-23638
2022-02-14 21:15:09
prion
prion
Cross site scripting
2022-02-14 21:15:00
cvelist
cvelist
CVE-2022-23638 Cross-site Scripting in svg-sanitizer
2022-02-14 21:10:10
nessus
nessus
freebsd
freebsd
typo3 -- XSS vulnerability in svg-sanitize
2022-02-22 00:00:00
friendsofphp
friendsofphp
A cross-site scripting vulnerability
2022-02-15 01:54:00
A cross-site scripting vulnerability
2022-02-15 01:54:00
osv
osv
CVE-2022-23638
2022-02-14 21:15:09
Cross-site Scripting in enshrined/svg-sanitize
2022-02-14 22:54:18
ubuntucve
ubuntucve
CVE-2022-23638
2022-02-14 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2022-02-15 07:00:19
github
github
Cross-site Scripting in enshrined/svg-sanitize
2022-02-14 22:54:18
nvd
nvd
CVE-2022-23638
2022-02-14 21:15:09