CVE-2023-40013

EPSS 0.47%
Veröffentlicht 14.08.2023 21:15:13
Zuletzt bearbeitet 21.11.2024 08:18:30
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in external-svg-loader

SVG Loader is a javascript library that fetches SVGs using XMLHttpRequests and injects the SVG code in the tag's place. According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons but the input sanitization logic is not sufficient and can be trivially bypassed. This allows an attacker to craft a malicious SVG which can result in Cross-site Scripting (XSS). When trying to sanitize the svg the lib removes event attributes such as `onmouseover`, `onclick` but the list of events is not exhaustive.  Any website which uses external-svg-loader and allows its users to provide svg src, upload svg files would be susceptible to stored XSS attack. This issue has been addressed in commit `d3562fc08` which is included in releases from 1.6.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Shubhamjain ≫ Svg Loader SwPlatformnode.js Version < 1.6.9

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.47%	0.371

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	7.1	1.6	5.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/shubhamjain/svg-loader/blob/main/svg-loader.js#L125-L128

Product

https://github.com/shubhamjain/svg-loader/commit/d3562fc08497aec5f33eb82017fa1417b3319e2c

Patch

https://github.com/shubhamjain/svg-loader/security/advisories/GHSA-xc2r-jf2x-gjr8

Vendor Advisory

https://github.com/shubhamjain/svg-loader/tree/main#2-enable-javascript

Product

https://nvd.nist.gov/vuln/detail/CVE-2023-40013

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40013

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40013

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-40013