Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Scratch\-Svg\-Renderer
(Mit)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-01-06 | CVE-2020-27428 | A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Renderer v0.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted sb3 file. | Scratch\-Svg\-Renderer | 6.1 | ||
| 2020-10-21 | CVE-2020-7750 | This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function. | Scratch\-Svg\-Renderer | 9.6 |