CVE-2022-23638 MEDIUM

CVE-2022-23638: Cross-site Scripting in svg-sanitizer

Vendor: Darylldoyle
Product: svg-sanitizer
Weakness: CWE-79 · XSS
Published: February 14, 2022
Last update: April 23, 2025

CVSS base score

6.2/10
Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

svg-sanitizer is an SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.

Key dates

02 Disclosure timeline

February 14, 2022: CVE published
April 23, 2025: Record updated

Related vulnerabilities

04 Related CVE