CVE-2023-49146

CVE-2023-49146

EPSS 0.4%

DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG document because of mishandling of comments and greedy regular expressions.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/rhukster/dom-sanitizer/commit/c2a98f27ad742668b254282ccc5581871d0fb601 https://github.com/rhukster/dom-sanitizer/compare/1.0.6...1.0.7