High severity · NVD Advisory · Published Oct 21, 2020 · Updated Sep 16, 2024
Cross-site Scripting (XSS)
CVE-2020-7750
Description
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| scratch-svg-renderer (npm) | < 0.2.0-prerelease.20201019174008 | 0.2.0-prerelease.20201019174008 |
Affected products
- scratch-svg-renderer/scratch-svg-renderer
References
- github.com/advisories/GHSA-j977-g5vj-j27g (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-7750 (ghsa, ADVISORY)
- github.com/LLK/scratch-svg-renderer/commit/9ebf57588aa596c4fa3bb64209e10ade395aee90 (ghsa, x_refsource_MISC, WEB)
- snyk.io/vuln/SNYK-JS-SCRATCHSVGRENDERER-1020497 (ghsa, x_refsource_MISC, WEB)