enshrined/svg-sanitize is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the cleanUnsafeNodes
function in Sanitizer.php
does not properly sanitize the HTML elements within CDATA, which allows an attacker to launch an XSS attack with the unsafe SVG file.