CVE-2022-23638

Опубликовано: 14 фев. 2022

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 4.3

CVSS3: 6.2

Описание

svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the svg-sanitizer library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.

Релиз	Статус	Примечание
bionic	not-affected	code not present
devel	needed
esm-apps/bionic	not-affected	code not present
esm-apps/focal	not-affected	code not present
esm-apps/jammy	needed
esm-apps/noble	needed
esm-apps/xenial	not-affected	code not present
focal	not-affected	code not present
impish	ignored	end of life
jammy	needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 27%

0.00098

Низкий

4.3 Medium

CVSS2

6.2 Medium

CVSS3

Связанные уязвимости

CVE-2022-23638

CVSS3: 6.2

nvd

почти 4 года назад

svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.

GHSA-fqx8-v33p-4qcc

CVSS3: 6.2

github

почти 4 года назад

Cross-site Scripting in enshrined/svg-sanitize

EPSS

Процентиль: 27%

0.00098

Низкий

4.3 Medium

CVSS2

6.2 Medium

CVSS3

CVE-2022-23638

Описание

Пакет spip

Ссылки на источники

Связанные уязвимости