VDB
CVE-2022-23638
CVE-2022-23638
PUBLISHED
CVSS 6.199999809265137 MEDIUM
Cross-site Scripting in enshrined/svg-sanitize
EPSS 0.18% · 39.3th percentile
Risk Scores
CVSS 3.1
6.199999809265137
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.18%
39.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| enshrined | svg-sanitize | 0 |
| svg-sanitizer_project | svg-sanitizer | 0 |
| darylldoyle | svg-sanitizer | < 0.15.0 |
Exploit Intelligence
Timeline
- Feb 14, 2022 CVE Published
- Feb 15, 2022 EPSS Score
- Feb 22, 2022 CVE Updated
- Apr 8, 2022 EPSS Score
- May 30, 2022 EPSS Score
- Jul 23, 2022 EPSS Score
- Sep 13, 2022 EPSS Score
- Dec 26, 2022 EPSS Score
- Feb 16, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 10, 2023 EPSS Score
- Jun 1, 2023 EPSS Score
References
- https://github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-fqx8-v33p-4qcc url
- https://github.com/darylldoyle/svg-sanitizer/commit/17e12ba9c2881caa6b167d0fbea555c11207fbb0 url
- https://nvd.nist.gov/vuln/detail/CVE-2022-23638 advisory
- https://github.com/darylldoyle/svg-sanitizer/issues/71 url
- https://github.com/FriendsOfPHP/security-advisories/blob/master/enshrined/svg-sanitize/CVE-2022-23638.yaml url
- https://github.com/advisories/GHSA-fqx8-v33p-4qcc advisory
- https://github.com/darylldoyle/svg-sanitizer package