Security Advisory

CVE-2019-18857

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-11-11 14:34:59

Last updated 2024-08-05 02:02:39

Assigner mitre

State PUBLISHED

Description

darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring.

← Browse all CVEs View on cve.org ↗