QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-55166

Back to search

CVE-2025-55166

Published: Aug 12, 2025

Modified: Aug 12, 2025

PUBLISHED

Description

savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. This issue has been patched in version 0.22.0.

VendorProductVersions

darylldoyle

svg-sanitizer

affected
< 0.22.0

Weaknesses (CWE)

CWE-79
CWE-601

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now