CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11070 – Cross-Site Scripting in SVG Sanitizer
https://notcve.org/view.php?id=CVE-2020-11070
The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Albeit the markup is not valid it still is evaluated in browsers and leads to cross-site scripting. This is fixed in version 1.0.3. La extensión SVG Sanitizer para TYPO3, presenta una vulnerabilidad de tipo cross-site scripting en versiones anteriores a 1.0.3. • https://github.com/TYPO3GmbH/svg_sanitizer/security/advisories/GHSA-59cf-m7v5-wh5w • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18856
https://notcve.org/view.php?id=CVE-2019-18856
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled. Se presenta una vulnerabilidad de Denegación de Servicio en el módulo SVG Sanitizer versiones hasta 8.x-1.0-alpha1 para Drupal, porque el acceso a recursos externos con un elemento de uso de SVG es manejado inapropiadamente. • https://fortiguard.com/zeroday/FG-VD-19-115 https://git.drupalcode.org/project/svg_sanitizer/commit/e1b0666 • CWE-732: Incorrect Permission Assignment for Critical Resource •