CVE-2020-7750: Cross-site Scripting (XSS)
First published: Wed Oct 21 2020(Updated: )
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.
Credit: report@snyk.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mit Scratch-svg-renderer | =0.1.0 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease1515799461 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease1515800444 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180117145116 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180117210827 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180118201049 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180118201241 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180118224509 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180124043252 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180124054052 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180210005926 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180329174139 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180423193917 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180508170432 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180510171850 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180510181711 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180511144653 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180514170126 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180521194642 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180524204036 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180524210316 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180531205843 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180531214630 | |
| Mit Scratch-svg-renderer | =0.1.0-prerelease20180605140533 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20180605154326 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20180607141644 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20180613184320 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20180618172917 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20180711180400 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20180712223402 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20180817005452 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20180821210632 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20180907141232 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20180926143036 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20181017193458 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20181024192149 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20181101210634 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20181126212715 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20181212190400 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20181212222326 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20181212230607 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20181213165142 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20181213192400 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20181218153528 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20181220183040 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20190109201344 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20190110205335 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20190125192231 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20190304180800 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20190329052730 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20190419183947 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20190521170426 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20190523193400 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20190715144718 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20190715153806 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20190820171249 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20190822193232 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20190822202608 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20191031221353 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20191104164753 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20191217211338 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20200103191258 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20200103211543 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20200109070519 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20200205003215 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20200205003400 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20200507183648 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20200604203226 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20200609210443 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20200610220938 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20201008203328 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20201009194722 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20201009195807 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20201009202925 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20201009211507 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20201011114003 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20201012151417 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20201013123302 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20201013184332 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20201014105708 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20201014130133 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20201014145347 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20201015122106 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20201015135047 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20201015194358 | |
| Mit Scratch-svg-renderer | =0.2.0-prerelease20201016121710 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/mit
- canonical/mit scratch-svg-renderer
- version/mit scratch-svg-renderer/0.1.0
- version/mit scratch-svg-renderer/0.1.0-prerelease1515799461
- version/mit scratch-svg-renderer/0.1.0-prerelease1515800444
- version/mit scratch-svg-renderer/0.1.0-prerelease20180117145116
- version/mit scratch-svg-renderer/0.1.0-prerelease20180117210827
- version/mit scratch-svg-renderer/0.1.0-prerelease20180118201049
- version/mit scratch-svg-renderer/0.1.0-prerelease20180118201241
- version/mit scratch-svg-renderer/0.1.0-prerelease20180118224509
- version/mit scratch-svg-renderer/0.1.0-prerelease20180124043252
- version/mit scratch-svg-renderer/0.1.0-prerelease20180124054052
- version/mit scratch-svg-renderer/0.1.0-prerelease20180210005926
- version/mit scratch-svg-renderer/0.1.0-prerelease20180329174139
- version/mit scratch-svg-renderer/0.1.0-prerelease20180423193917
- version/mit scratch-svg-renderer/0.1.0-prerelease20180508170432
- version/mit scratch-svg-renderer/0.1.0-prerelease20180510171850
- version/mit scratch-svg-renderer/0.1.0-prerelease20180510181711
- version/mit scratch-svg-renderer/0.1.0-prerelease20180511144653
- version/mit scratch-svg-renderer/0.1.0-prerelease20180514170126
- version/mit scratch-svg-renderer/0.1.0-prerelease20180521194642
- version/mit scratch-svg-renderer/0.1.0-prerelease20180524204036
- version/mit scratch-svg-renderer/0.1.0-prerelease20180524210316
- version/mit scratch-svg-renderer/0.1.0-prerelease20180531205843
- version/mit scratch-svg-renderer/0.1.0-prerelease20180531214630
- version/mit scratch-svg-renderer/0.1.0-prerelease20180605140533
- version/mit scratch-svg-renderer/0.2.0-prerelease20180605154326
- version/mit scratch-svg-renderer/0.2.0-prerelease20180607141644
- version/mit scratch-svg-renderer/0.2.0-prerelease20180613184320
- version/mit scratch-svg-renderer/0.2.0-prerelease20180618172917
- version/mit scratch-svg-renderer/0.2.0-prerelease20180711180400
- version/mit scratch-svg-renderer/0.2.0-prerelease20180712223402
- version/mit scratch-svg-renderer/0.2.0-prerelease20180817005452
- version/mit scratch-svg-renderer/0.2.0-prerelease20180821210632
- version/mit scratch-svg-renderer/0.2.0-prerelease20180907141232
- version/mit scratch-svg-renderer/0.2.0-prerelease20180926143036
- version/mit scratch-svg-renderer/0.2.0-prerelease20181017193458
- version/mit scratch-svg-renderer/0.2.0-prerelease20181024192149
- version/mit scratch-svg-renderer/0.2.0-prerelease20181101210634
- version/mit scratch-svg-renderer/0.2.0-prerelease20181126212715
- version/mit scratch-svg-renderer/0.2.0-prerelease20181212190400
- version/mit scratch-svg-renderer/0.2.0-prerelease20181212222326
- version/mit scratch-svg-renderer/0.2.0-prerelease20181212230607
- version/mit scratch-svg-renderer/0.2.0-prerelease20181213165142
- version/mit scratch-svg-renderer/0.2.0-prerelease20181213192400
- version/mit scratch-svg-renderer/0.2.0-prerelease20181218153528
- version/mit scratch-svg-renderer/0.2.0-prerelease20181220183040
- version/mit scratch-svg-renderer/0.2.0-prerelease20190109201344
- version/mit scratch-svg-renderer/0.2.0-prerelease20190110205335
- version/mit scratch-svg-renderer/0.2.0-prerelease20190125192231
- version/mit scratch-svg-renderer/0.2.0-prerelease20190304180800
- version/mit scratch-svg-renderer/0.2.0-prerelease20190329052730
- version/mit scratch-svg-renderer/0.2.0-prerelease20190419183947
- version/mit scratch-svg-renderer/0.2.0-prerelease20190521170426
- version/mit scratch-svg-renderer/0.2.0-prerelease20190523193400
- version/mit scratch-svg-renderer/0.2.0-prerelease20190715144718
- version/mit scratch-svg-renderer/0.2.0-prerelease20190715153806
- version/mit scratch-svg-renderer/0.2.0-prerelease20190820171249
- version/mit scratch-svg-renderer/0.2.0-prerelease20190822193232
- version/mit scratch-svg-renderer/0.2.0-prerelease20190822202608
- version/mit scratch-svg-renderer/0.2.0-prerelease20191031221353
- version/mit scratch-svg-renderer/0.2.0-prerelease20191104164753
- version/mit scratch-svg-renderer/0.2.0-prerelease20191217211338
- version/mit scratch-svg-renderer/0.2.0-prerelease20200103191258
- version/mit scratch-svg-renderer/0.2.0-prerelease20200103211543
- version/mit scratch-svg-renderer/0.2.0-prerelease20200109070519
- version/mit scratch-svg-renderer/0.2.0-prerelease20200205003215
- version/mit scratch-svg-renderer/0.2.0-prerelease20200205003400
- version/mit scratch-svg-renderer/0.2.0-prerelease20200507183648
- version/mit scratch-svg-renderer/0.2.0-prerelease20200604203226
- version/mit scratch-svg-renderer/0.2.0-prerelease20200609210443
- version/mit scratch-svg-renderer/0.2.0-prerelease20200610220938
- version/mit scratch-svg-renderer/0.2.0-prerelease20201008203328
- version/mit scratch-svg-renderer/0.2.0-prerelease20201009194722
- version/mit scratch-svg-renderer/0.2.0-prerelease20201009195807
- version/mit scratch-svg-renderer/0.2.0-prerelease20201009202925
- version/mit scratch-svg-renderer/0.2.0-prerelease20201009211507
- version/mit scratch-svg-renderer/0.2.0-prerelease20201011114003
- version/mit scratch-svg-renderer/0.2.0-prerelease20201012151417
- version/mit scratch-svg-renderer/0.2.0-prerelease20201013123302
- version/mit scratch-svg-renderer/0.2.0-prerelease20201013184332
- version/mit scratch-svg-renderer/0.2.0-prerelease20201014105708
- version/mit scratch-svg-renderer/0.2.0-prerelease20201014130133
- version/mit scratch-svg-renderer/0.2.0-prerelease20201014145347
- version/mit scratch-svg-renderer/0.2.0-prerelease20201015122106
- version/mit scratch-svg-renderer/0.2.0-prerelease20201015135047
- version/mit scratch-svg-renderer/0.2.0-prerelease20201015194358
- version/mit scratch-svg-renderer/0.2.0-prerelease20201016121710