Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01aDd3LWhteGMtOTlnNc08yg
Cross-site scripting in safe-svg
The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent (mainly XSS, but depending on further use of uploaded SVG files potentially other XML attacks).
Permalink: https://github.com/advisories/GHSA-5h7w-hmxc-99g5
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01aDd3LWhteGMtOTlnNc08yg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: about 1 year ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-5h7w-hmxc-99g5, CVE-2022-1091
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-1091
- https://github.com/10up/safe-svg/pull/28
- https://wpscan.com/vulnerability/4d12533e-bdb7-411f-bcdf-4c5046db13f3
- https://github.com/10up/safe-svg/commit/00cb9a86d1bff2214714557d1901ec3896564e50
- https://github.com/advisories/GHSA-5h7w-hmxc-99g5
Blast Radius: 2.9
Affected Packages
packagist:darylldoyle/safe-svg
Dependent packages: 2
Dependent repositories: 3
Downloads: 172,597 total
Affected Version Ranges: < 1.9.10
Fixed in: 1.9.10
All affected versions: 1.9.4, 1.9.5, 1.9.6, 1.9.7, 1.9.8, 1.9.9
All unaffected versions: 1.9.10, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4