Security Advisory

CVE-2020-7750

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-10-21 16:20:12

Last updated 2024-09-16 19:31:46

Assigner snyk

State PUBLISHED

Description

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.

← Browse all CVEs View on cve.org ↗