CVE-2020-36644

Name of the Vulnerable Software and Affected Versions jamesmartin Inline SVG versions up to 1.7.1

Description A vulnerability has been found in the component URL Parameter Handler, specifically in the file lib/inline svg/action view/helpers.rb. The manipulation of the argument filename leads to cross site scripting. The attack can be launched remotely.

Recommendations For jamesmartin Inline SVG versions up to 1.7.1, upgrade to version 1.7.2 to address this issue. As a temporary workaround, consider restricting access to the vulnerable component URL Parameter Handler until the upgrade is applied.