Svg-sanitizer_project Svg-sanitizer

3 CVEs affecting Svg-sanitizer_project Svg-sanitizer. Latest disclosed: 2022-02-14. Critical: 0, High: 1.

Top CVEs affecting Svg-sanitizer_project Svg-sanitizer
CVESeverityScorePublishedSummary
CVE-2019-18857High7.52019-11-11darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript&#9…
CVE-2022-23638Medium6.22022-02-14svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.1…
CVE-2019-10772Medium6.12019-12-11It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer.