Количество 2
Количество 2
CVE-2025-55166
savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. This issue has been patched in version 0.22.0.
GHSA-22wq-q86m-83fh
svg-sanitizer Bypasses Attribute Sanitization
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-55166 savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. This issue has been patched in version 0.22.0. | 0% Низкий | 3 месяца назад | |
| GHSA-22wq-q86m-83fh svg-sanitizer Bypasses Attribute Sanitization | 0% Низкий | 3 месяца назад |
Уязвимостей на страницу