CVE-2020-11070: Cross-site Scripting

May 13, 2020 (updated May 15, 2020)

The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability. Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Invalid markup it still is evaluated in browsers and may lead to cross-site scripting.

References

nvd.nist.gov/vuln/detail/CVE-2020-11070

Code Behaviors & Features

Detect and mitigate CVE-2020-11070 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →