Daryll Doyle

2 exploits Active since Nov 2019

CVE-2019-18857 WRITEUP HIGH WRITEUP

darylldoyle svg-sanitizer <0.12.0 - XSS

darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring.

CVSS 7.5

View Code

CVE-2022-23638 WRITEUP MEDIUM WRITEUP

Svg-sanitizer < 0.15.0 - XSS

svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.

CVSS 6.2

View Code