Lucene search
Veracode Vulnerability DatabaseVERACODE:25049HistoryApr 20, 2020 - 2:23 a.m.
Cross-site Scripting (XSS)
2020-04-2002:23:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
EPSS
0.001
Percentile
37.3%
svg2png is vulnerable to cross-site scripting (XSS). The attack exists because it renders XML snippet using phantomjs directly into an image without sanitizing it, allowing an attacker to inject arbitrary script inside SVG document.
References
Related
cvelist
cvelist
CVE-2020-11887
2020-04-17 20:08:39
osv
osv
CVE-2020-11887
2020-04-17 21:15:13
XSS in svg2png (NPM package)
2022-01-06 19:45:13
huntr
huntr
Server-Side Request Forgery (SSRF) in sterlp/svg2png
2021-01-28 00:00:00
prion
prion
Cross site scripting
2020-04-17 21:15:00
github
github
XSS in svg2png (NPM package)
2022-01-06 19:45:13
nvd
nvd
CVE-2020-11887
2020-04-17 21:15:13
cve
cve
CVE-2020-11887
2020-04-17 21:15:13