ByteOS Network

darylldoyle

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-55166

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-5.1||MEDIUM

EPSS-0.06% / 18.93%

7 Day CHG~0.00%

Published-12 Aug, 2025 | 16:25

Updated-13 Aug, 2025 | 17:34

svg-sanitizer By-Passing Attribute Sanitization

savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. This issue has been patched in version 0.22.0.

Vendor-darylldoyle

Product-svg-sanitizer

CWE ID-CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-23638

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-6.2||MEDIUM

EPSS-0.10% / 27.93%

7 Day CHG~0.00%

Published-14 Feb, 2022 | 21:10

Updated-23 Apr, 2025 | 19:05

Cross-site Scripting in svg-sanitizer

svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.

Vendor-svg-sanitizer_project darylldoyle

Product-svg-sanitizer svg-sanitizer

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')