EPSS
Percentile
37.3%
svg2png is vulnerable to cross-site scripting (XSS). The attack exists because it renders XML snippet using phantomjs directly into an image without sanitizing it, allowing an attacker to inject arbitrary script inside SVG document.
phantomjs
github.com/domenic/svg2png/issues/117