Moderate severityNVD Advisory· Published Jan 5, 2022· Updated Aug 4, 2024

CVE-2020-27428

Description

A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
scratch-svg-renderernpm	<= 0.2.0	—

Affected products

Scratch-Svg-Renderer/Scratch-Svg-Rendererdescription
ghsa-coords
pkg:npm/scratch-svg-renderer
Range: <= 0.2.0

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-h3vq-wv8j-36gwghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2020-27428ghsaADVISORY
github.com/LLK/scratch-svg-renderer/commit/7c74ec7de3254143ec3c557677f5355a90a3d07fghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000