SVG Embed - Moderately critical - Cross site scripting - SA-CONTRIB-2024-050

Project: SVG Embed

Date: 2024-October-23

Security risk: Moderately critical 13 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default

Vulnerability: Cross site scripting

Affected versions: <2.1.2

Description: This module enables you to embed the content of an SVG file into the body HTML of a node and optionally lets you translate text contained within the image.
The module doesn't sufficiently sanitize the SVG file before embedding it into the HTML.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission to upload SVG files, and the permission to use a text format that includes the SVG embed filter.

Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2024-050
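
The Description above says the SVG file was embedded without sufficient sanitization. As an added example (not the module's code and not the fix shipped in the patched release), here is one allowlist-based way to sanitize an SVG before inlining it, using PHP's DOM extension; the function name, the allowlists and the sample input are assumptions constructed for illustration:

```php
<?php
const SVG_NS = 'http://www.w3.org/2000/svg';
// Constructed allowlists: no script, style, foreignObject, or URL-bearing attributes.
const ALLOWED_ELEMENTS = ['svg', 'g', 'path', 'rect', 'circle', 'ellipse', 'line',
    'polyline', 'polygon', 'text', 'tspan', 'title', 'desc'];
const ALLOWED_ATTRIBUTES = ['id', 'class', 'x', 'y', 'x1', 'y1', 'x2', 'y2', 'cx', 'cy',
    'r', 'rx', 'ry', 'd', 'points', 'width', 'height', 'viewBox', 'transform',
    'fill', 'stroke', 'stroke-width', 'opacity', 'font-size', 'font-family', 'text-anchor'];
// Hypothetical helper: returns markup to inline, or null if the input is rejected.
function sanitize_svg_for_embed(string $svg): ?string
{
    // Refuse DTDs and entity declarations instead of trying to expand them safely.
    if (preg_match('/<!(DOCTYPE|ENTITY)/i', $svg)) {
        return null;
    }
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true);
    // NONET blocks network fetches; NOCDATA folds CDATA into text that is escaped on output.
    $loaded = $doc->loadXML($svg, LIBXML_NONET | LIBXML_NOCDATA);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $root = $loaded ? $doc->documentElement : null;
    if ($root === null || $root->localName !== 'svg' || $root->namespaceURI !== SVG_NS) {
        return null;
    }
    $xpath = new DOMXPath($doc);
    // Copy node lists to arrays before mutating so removal cannot disturb iteration.
    foreach (iterator_to_array($xpath->query('//comment() | //processing-instruction()'), false) as $node) {
        $node->parentNode->removeChild($node);
    }
    foreach (iterator_to_array($xpath->query('//*'), false) as $element) {
        if ($element->namespaceURI !== SVG_NS || !in_array($element->localName, ALLOWED_ELEMENTS, true)) {
            $element->parentNode->removeChild($element); // drops the whole subtree
            continue;
        }
        foreach (iterator_to_array($element->attributes, false) as $attribute) {
            // Exact-case match on the full name rejects on* handlers, href, style, xlink:*.
            $bad_value = preg_match('/url\s*\(|javascript:|data:/i', $attribute->value);
            if ($bad_value || !in_array($attribute->nodeName, ALLOWED_ATTRIBUTES, true)) {
                $element->removeAttributeNode($attribute);
            }
        }
    }
    return $doc->saveXML($root);
}

// Constructed sample input: one benign shape plus markup the allowlist must drop.
$sample = '<svg xmlns="' . SVG_NS . '" viewBox="0 0 10 10" onload="void(0)">'
    . '<script>/* placeholder */</script><rect width="10" height="10" fill="red"/></svg>';
echo sanitize_svg_for_embed($sample), PHP_EOL;
```

An allowlist like this is deliberately narrow; anything a site needs beyond it (gradients, links, `use` references) should be added only after reviewing how the browser's HTML parser treats it when the SVG is inlined.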