This repository has been archived by the owner on Oct 18, 2023. It is now read-only.

Cross-Site Scripting in SVG Sanitizer

Moderate
NeoBlack published GHSA-59cf-m7v5-wh5w May 12, 2020

Package

composer t3g/svg-sanitizer (Composer)

Affected versions

<= 1.0.2

Patched versions

1.0.3

Description

Meta

  • CVSS v3.1: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C
  • CWE-79

Problem

Slightly invalid or incomplete SVG markup is not correctly processed and is therefore not sanitized at all. Although the markup is not valid, browsers still evaluate it, which leads to cross-site scripting.
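The failure mode described above, a sanitizer that lets malformed markup through untouched versus one that rejects it, as an added illustration in Python; this is not the t3g/svg-sanitizer code, and the allow-lists and sample inputs are constructed for the example.

```python
import xml.etree.ElementTree as ET
from typing import Optional

SVG_NS = "http://www.w3.org/2000/svg"
ET.register_namespace("", SVG_NS)  # keep the default namespace on output

# Constructed allow-lists for this example; a real sanitizer's lists are longer.
ALLOWED_TAGS = {"svg", "g", "path", "rect", "circle", "text", "title", "desc"}
ALLOWED_ATTRS = {"width", "height", "viewBox", "d", "x", "y", "cx", "cy", "r", "fill", "stroke"}


def _local(tag: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tag names."""
    return tag.split("}", 1)[1] if tag.startswith("{") else tag


def _sanitize_tree(el: ET.Element) -> ET.Element:
    """Drop disallowed child elements (e.g. <script>) and attributes (e.g. onload=)."""
    for child in list(el):
        if _local(child.tag) not in ALLOWED_TAGS:
            el.remove(child)
        else:
            _sanitize_tree(child)
    for attr in list(el.attrib):
        if attr not in ALLOWED_ATTRS:
            del el.attrib[attr]
    return el


def sanitize_fail_open(svg: str) -> str:
    """Bug pattern: a parse error falls through and the input is returned unchanged."""
    try:
        root = ET.fromstring(svg)
    except ET.ParseError:
        return svg  # unsanitized markup reaches the browser, which renders it leniently
    return ET.tostring(_sanitize_tree(root), encoding="unicode")


def sanitize_fail_closed(svg: str) -> Optional[str]:
    """Corrected pattern: markup the strict parser rejects is refused (None), never passed on."""
    try:
        root = ET.fromstring(svg)
    except ET.ParseError:
        return None
    if _local(root.tag) != "svg":
        return None
    return ET.tostring(_sanitize_tree(root), encoding="unicode")


# Constructed samples: a well-formed file with two XSS vectors, and the same with a missing </svg>.
WELL_FORMED = ('<svg xmlns="%s" onload="alert(1)"><script>alert(1)</script>'
               '<rect width="1" height="1"/></svg>' % SVG_NS)
MALFORMED = '<svg xmlns="%s"><script>alert(1)</script>' % SVG_NS
```

Running both sanitizers over `MALFORMED` shows the difference: the fail-open version hands the `<script>` element through verbatim, while the fail-closed version refuses the upload.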

Solution

An updated version 1.0.3 is available from the TYPO3 extension manager and at https://extensions.typo3.org/extension/download/svg_sanitizer/1.0.3/zip/
Users of the extension are advised to update as soon as possible.

Credits

Thanks to Matteo Bonaker who reported this issue and to TYPO3 merger Frank Nägler who fixed the issue.

Severity

Moderate

CVE ID

CVE-2020-11070
