
CVSS: 9.6 • EPSS: 0% • CPEs: 86 • EXPL: 2

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.

• https://www.exploit-db.com/exploits/50079
• https://github.com/ossf-cve-benchmark/CVE-2020-7750
• https://github.com/LLK/scratch-svg-renderer/commit/9ebf57588aa596c4fa3bb64209e10ade395aee90
• https://snyk.io/vuln/SNYK-JS-SCRATCHSVGRENDERER-1020497

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')