SVG Formatter - Critical - Cross Site Scripting - SA-CONTRIB-2022-028
Project: SVG Formatter
Date: 2022-March-09
Security risk: Critical 15∕25
Vulnerability: Cross Site Scripting
Description
The SVG Formatter module provides support for using SVG images on your website.
Our dependency library, enshrined/svg-sanitize, has a cross-site scripting vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with a permission that enables them to upload SVG images.