CVE-2022-1091

The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will be able to perform the kinds of attacks that this plugin should prevent (mainly XSS, but depending on further use of uploaded SVG files potentially other XML attacks).
Configurations

Configuration 1 (hide)

cpe:2.3:a:10up:safe_svg:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2022-04-18 18:15

Updated : 2024-11-21 06:40


NVD link : CVE-2022-1091

Mitre link : CVE-2022-1091

CVE.ORG link : CVE-2022-1091


JSON object : View

Products Affected

10up

  • safe_svg
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')