Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

SS-2016-017: SVG Uploads

Severity:
Low (?)
Identifier:
SS-2016-017
Versions Affected:
<=3.6.0
Versions Fixed:
3.6.1

SVG Images uploads can execute arbitrary scripts, and introduces the risk of XSS.

Upload of files with the .svg extension will be disabled by default.


Discovered by SEC Consult Singapore Pte. Ltd. (https://www.sec-consult.com/)