SVG Formatter - Critical - Cross site scripting - SA-CONTRIB-2020-005

Project: SVG Formatter
Date: 2020-March-04
Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:All
Vulnerability: Cross site scripting

Description: SVG Formatter module provides support for using SVG images on your website.
This security release fixes third-party dependencies included in or required by SVG Formatter. The issue fixed is an XSS bypass using entities and tab.
This vulnerability is mitigated by the fact that an attacker must be able to upload SVG files.

Solution: Install the latest version:

Also see the SVG Formatter project page.

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2020-005