Moderate severityNVD Advisory· Published May 13, 2020· Updated Aug 4, 2024
Cross-Site Scripting in SVG Sanitizer
CVE-2020-11070
Description
The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Albeit the markup is not valid it still is evaluated in browsers and leads to cross-site scripting. This is fixed in version 1.0.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
t3g/svg-sanitizerPackagist | < 1.0.3 | 1.0.3 |
Affected products
2- TYPO3GmbH/svg_sanitizerv5Range: < 1.0.3
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-59cf-m7v5-wh5wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-11070ghsaADVISORY
- github.com/TYPO3GmbH/svg_sanitizer/security/advisories/GHSA-59cf-m7v5-wh5wghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.