Vulnerability Database

296,202

Total vulnerabilities in the database

SVG with embedded scripts can lead to cross-site scripting attacks in xml2rfc

xml2rfc allows script elements in SVG sources. In HTML output having these script elements can lead to XSS attacks.

Sample XML snippet:

&lt;artwork type=&quot;svg&quot; src=&quot;data:image/svg+xml,%3Csvg viewBox=&#039;0 0 10 10&#039; xmlns=&#039;http://www.w3.org/2000/svg&#039;%3E%3Cscript%3E window.alert(&#039;Test Alert&#039;); %3C/script%3E%3C/svg%3E&quot;&gt;
&lt;/artwork&gt;

Impact

This vulnerability impacts website that publish HTML drafts and RFCs.

Patches

This has been fixed in version 3.12.4.

Workarounds

If SVG source is self-contained within the XML, scraping script elements from SVG files.

References

https://developer.mozilla.org/en-US/docs/Web/SVG/Element/script

For more information

If you have any questions or comments about this advisory:

Open an issue in xml2rfc
Email us at operational-vulnerability@ietf.org
Infrastructure and Services Vulnerability Disclosure

Published: Apr 22, 2022
Updated: Apr 14, 2023
GHSA: GHSA-cf4q-4cqr-7g7w
Severity: Medium
Exploit:

No technical information available.

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
xml2rfc	-	3.12.4

https://github.com/ietf-tools/xml2rfc/security/advisories/GHSA-cf4q-4cqr-7g7w