EPSS Percentile: 41.3%
enshrined/svg-sanitize is vulnerable to cross-site scripting (XSS). The library does not validate that xlink:href attribute values are safe before parsing them, which allows an attacker to inject a malicious script through that attribute.
github.com/darylldoyle/svg-sanitizer/commit/6add43e5c5649bc40e3afcb68c522720dcb336f9
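An added example, not code from enshrined/svg-sanitize or from the linked commit: an independent Python check that removes xlink:href values that fail an allowlist and reports what it removed. The allowlist policy, the extra check of the un-namespaced href attribute, the DOCTYPE rejection and the sample SVG are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

# Link-bearing attributes: the xlink:href named in the advisory, plus the
# un-namespaced SVG 2 href (a generalisation added for this example).
HREF_ATTRS = ("{%s}href" % XLINK_NS, "href")

# Assumed allowlist policy: same-document fragments, http(s) URLs, and
# base64 data: URIs for raster images. Everything else is dropped.
SAFE_VALUE = re.compile(
    r"#[\w.:-]+"
    r"|https?://\S+"
    r"|data:image/(?:png|gif|jpe?g|webp);base64,[A-Za-z0-9+/=]+",
    re.IGNORECASE,
)

def strip_unsafe_hrefs(svg_text):
    """Return (sanitised_svg, removed); removed lists (element, value) pairs."""
    upper = svg_text.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        # Refuse DTDs so entity tricks cannot hide a value from the check.
        raise ValueError("DOCTYPE/ENTITY declarations are not accepted")
    root = ET.fromstring(svg_text)
    removed = []
    for el in root.iter():
        for attr in HREF_ATTRS:
            value = el.attrib.get(attr)
            if value is not None and not SAFE_VALUE.fullmatch(value.strip()):
                removed.append((el.tag.rsplit("}", 1)[-1], value))
                del el.attrib[attr]
    return ET.tostring(root, encoding="unicode"), removed

# Constructed sample input, not taken from the advisory or the project.
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <defs><circle id="dot" r="4"/></defs>
  <use xlink:href="#dot"/>
  <image href="https://example.com/logo.png"/>
  <a xlink:href="javascript:void(0)"><text>one</text></a>
  <a href="javascript:void(0)"><text>two</text></a>
</svg>"""

if __name__ == "__main__":
    print(strip_unsafe_hrefs(SAMPLE_SVG)[1])
```

Because the check is an allowlist, any scheme it does not recognise is removed rather than passed through.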