CVE-2020-11070 in SVG Sanitizer Extension
Sumário (Inglês)
The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Albeit the markup is not valid it still is evaluated in browsers and leads to cross-site scripting. This is fixed in version 1.0.3.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Responsável
GitHub, Inc.
Reservar
30/03/2020
Estado
Confirmado
Inscrições
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidade | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 155188 | SVG Sanitizer Extension Markup Script de Site Cruzado | 79 | Não definido | Correção oficial | CVE-2020-11070 |
Descrição
CPE
CWE
CVSS
Explorações
História
Diferença
Relacionar
Inteligência de ameaças
API JSON
API XML
API CSV