CVE-2020-11070: Cross-Site Scripting in SVG Sanitizer
First published: Wed May 13 2020(Updated: )
The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Albeit the markup is not valid it still is evaluated in browsers and leads to cross-site scripting. This is fixed in version 1.0.3.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Typo3 Svg Sanitizer | <1.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-11070?
CVE-2020-11070 is a cross-site scripting vulnerability in the SVG Sanitizer extension for TYPO3 versions before 1.0.3.
How severe is CVE-2020-11070?
CVE-2020-11070 has a severity rating of 5.4 (medium).
How does CVE-2020-11070 affect TYPO3?
CVE-2020-11070 affects TYPO3 versions before 1.0.3 that have the SVG Sanitizer extension installed.
Is there a fix for CVE-2020-11070?
Yes, upgrading to version 1.0.3 of the SVG Sanitizer extension for TYPO3 resolves the vulnerability.
Where can I find more information about CVE-2020-11070?
More information about CVE-2020-11070 can be found at the following URL: https://github.com/TYPO3GmbH/svg_sanitizer/security/advisories/GHSA-59cf-m7v5-wh5w
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/title
- agent/references
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/typo3
- canonical/typo3 svg sanitizer