CVE-2020-7750

Summary

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.

Affected Software

VendorProductVersion RangeStatus
n/ascratch-svg-rendererunspecified < 0.2.0-prerelease.20201019174008affected

Weaknesses

  • Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References