Packagist (Composer) package
rhukster/dom-sanitizer
pkg:composer/rhukster/dom-sanitizer
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40301 | Med | 4.7 | | < 1.0.10 | 1.0.10 | Apr 17, 2026 | DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sanitize() allows `<style>` elements in SVG content but never inspects their text content. CSS url() references and @import rules pass through unfiltered, causing the browser to issue HT |
| CVE-2023-49146 | — | | | < 1.0.7 | 1.0.7 | Nov 22, 2023 | DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions. |