PHP Developer News

SVG Formatter - Critical - Cross site scripting - SA-CONTRIB-2020-005

Project: SVG Formatter
Date: 2020-March-04
Security risk: Critical 15/25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Cross site scripting
Description: SVG Formatter module provides support for using SVG images on your website.
This security release fixes third-party dependencies included in or required by SVG Formatter. XSS bypass using entities and tab.
This vulnerability is mitigated by the fact that an attacker must be able to upload SVG files.
Solution: Install the latest version:
If you use the SVG Formatter module for Drupal 8.x, upgrade to SVG Formatter 8.x-1.12
Also see the SVG Formatter project page.
Reported By: Jeroen Tubex
Fixed By: Goran Nikolovski
Coordinated By: Greg Knaddison of the Drupal Security Team
