PT-2022-16151 · Unknown+2 · Svg-Sanitizer+2

Zcorpan

Published

2022-02-14

Updated

2025-03-04

CVE-2022-23638

CVSS v3.1

6.2

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions svg-sanitizer versions prior to 0.15.0

Description A cross-site scripting issue affects the svg-sanitizer library. The problem arises when HTML elements wrapped in a CDATA section are not removed, making SVG content embedded in HTML susceptible to cross-site scripting. However, plain SVG files are not affected.

Recommendations For versions prior to 0.15.0, update to version 0.15.0 or higher to resolve the issue. At the moment, there is no workaround available without upgrading.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-23638

GHSA-FQX8-V33P-4QCC

USN-7318-1

Affected Products

Linuxmint

Ubuntu

Svg-Sanitizer

PT-2022-16151 · Unknown+2 · Svg-Sanitizer+2

CVE-2022-23638

Weakness Enumeration

Related Identifiers

Affected Products

References · 35