PT-2022-28235 · Xml2Rfc · Xml2Rfc
Published: 2022-04-22 · Updated: 2022-04-22
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
xml2rfc versions prior to 3.12.4
Description
The issue allows script elements in SVG sources, which can lead to XSS attacks in HTML output. This impacts websites that publish HTML drafts and RFCs.
Recommendations
For versions prior to 3.12.4, update to version 3.12.4 to resolve the issue.
As a temporary workaround, consider scraping script elements from SVG files if the SVG source is self-contained within the XML.
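The workaround above, sketched as an added example (this is not xml2rfc's own code and not its 3.12.4 fix): it removes script elements from SVG embedded in an XML source before the source is rendered to HTML. The function names and the sample document are constructed for illustration, and only script elements are handled, as the advisory describes.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
SVG_ROOT = "{%s}svg" % SVG_NS
# Serialise SVG elements with an explicit svg: prefix instead of ns0:.
ET.register_namespace("svg", SVG_NS)

# Constructed sample: a minimal xml2rfc-style source with one inline SVG.
SAMPLE = """<rfc><middle><section><figure><artwork type="svg">
  <svg xmlns="http://www.w3.org/2000/svg" width="60" height="20">
    <script>/* placeholder */</script>
    <rect width="60" height="20"/>
    <text x="2" y="14"><SCRIPT href="placeholder.js"/>label</text>
  </svg>
</artwork></figure></section></middle></rfc>"""


def _detach(parent, child):
    """Remove child but keep the text that followed it (its tail)."""
    idx = list(parent).index(child)
    if child.tail:
        if idx > 0:
            parent[idx - 1].tail = (parent[idx - 1].tail or "") + child.tail
        else:
            parent.text = (parent.text or "") + child.tail
    parent.remove(child)


def _clean(elem, in_svg):
    """Recursively drop script elements found inside an SVG subtree."""
    in_svg = in_svg or elem.tag == SVG_ROOT
    removed = 0
    for child in list(elem):
        # Match on the local name, ignoring namespace and letter case.
        if in_svg and child.tag.rsplit("}", 1)[-1].lower() == "script":
            _detach(elem, child)
            removed += 1
        else:
            removed += _clean(child, in_svg)
    return removed


def strip_svg_scripts(xml_text):
    """Return (cleaned_xml, removed_count) for an XML source given as str."""
    root = ET.fromstring(xml_text)
    removed = _clean(root, False)
    return ET.tostring(root, encoding="unicode"), removed
```

A non-zero count from strip_svg_scripts(SAMPLE) is also a useful signal that a submitted source should be reviewed before it is published.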
Weakness Enumeration
Related Identifiers
Affected Products
Xml2Rfc