117Jamesmartin

**Name of the Vulnerable Software and Affected Versions** jamesmartin Inline SVG versions up to 1.7.1 **Description** A vulnerability has been found in the component URL Parameter Handler, specifically in the file lib/inline svg/action view/helpers.rb. The manipulation of the argument `filename` leads to cross site scripting. The attack can be launched remotely. **Recommendations** For jamesmartin Inline SVG versions up to 1.7.1, upgrade to version 1.7.2 to address this issue. As a temporary workaround, consider restricting access to the vulnerable component URL Parameter Handler until the upgrade is applied.