Описание
Cross-site Scripting in DOMSanitizer
DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions.
Пакеты
Наименование
rhukster/dom-sanitizer
composer
Затронутые версииВерсия исправления
< 1.0.7
1.0.7
Связанные уязвимости
CVSS3: 6.1
nvd
около 2 лет назад
DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions.