PT-2020-12920 · Svg2Png · Svg2Png
21Ko · Published 2020-04-17 · Updated 2022-01-06 · CVE-2020-11887
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
svg2png version 4.1.1
Description
svg2png 4.1.1 allows XSS, with resultant SSRF, via JavaScript code embedded inside an SVG document that it processes.
Recommendations
For svg2png version 4.1.1, consider disabling the processing of JavaScript inside SVG documents until a patch is available. Restrict the upload and processing of SVG files to minimize the risk of exploitation.
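One way to apply the restriction recommended above, as an added example that is not svg2png's or this advisory's own code: a reject-on-match gate in Node.js that refuses any SVG containing script elements, event-handler attributes or non-fragment references before the file is handed to a renderer. The names `screenSvg`, `RULES` and `SAMPLES` are hypothetical, the sample documents are constructed, and the gate is a pre-filter, not a sanitizer.

```javascript
'use strict';
// Added example: reject-on-match pre-screen for untrusted SVG, run before any renderer.
// screenSvg, RULES and SAMPLES are hypothetical names; the samples are constructed.
// Deliberately conservative: it refuses some harmless files rather than trying to clean them.
const RULES = [
  ['script-element', /<\s*(?:[\w-]+:)?script\b/i],
  ['event-handler', /[\s\/"']on[a-z]+\s*=/i],               // onload=, onclick=, ...
  ['script-uri', /(?:javascript|vbscript)\s*:/i],
  ['foreign-object', /<\s*(?:[\w-]+:)?foreignObject\b/i],   // can carry embedded HTML
  ['doctype-or-entity', /<!\s*(?:DOCTYPE|ENTITY)\b/i],      // entity definitions
  ['char-reference', /&#/],                                 // could hide the patterns above
  ['external-ref', /(?:href|src)\s*=\s*["']\s*[^#\s"']/i],  // only "#fragment" targets pass
  ['css-url', /url\(\s*["']?\s*[^#"'\s)]/i],                // only url(#id) passes
  ['css-import', /@import\b/i],
];

function screenSvg(input) {
  const findings = [];
  if (Buffer.isBuffer(input)) {
    // NUL bytes indicate UTF-16/32 text, which the ASCII patterns would not see.
    if (input.includes(0)) findings.push('nul-byte');
    input = input.toString('utf8');
  }
  for (const [name, re] of RULES) {
    if (re.test(input)) findings.push(name);
  }
  return { allowed: findings.length === 0, findings };
}

const NS = 'xmlns="http://www.w3.org/2000/svg"';
const SAMPLES = {
  benign: `<svg ${NS}><defs><linearGradient id="g"/></defs><rect fill="url(#g)"/></svg>`,
  script: `<svg ${NS}><script>/* placeholder */</script></svg>`,
  handler: `<svg ${NS} onload="void 0"></svg>`,
  external: `<svg ${NS}><image href="http://example.invalid/a.png"/></svg>`,
};

for (const [name, svg] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(screenSvg(svg)));
}
```

A file that passes the gate has only cleared these patterns, so the renderer should still run without network access where that is possible.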
Exploit
Fix
XSS
Affected Products
Svg2Png