[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ffJ-usPE4wl5wQfvW6KonBuAKfM0cbLumoRvANEWzlp4":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2023-28426","svg-sanitizer-library-cross-site-scripting-bypass","SVG Sanitizer library \u003C= 0.15.4 - Cross-Site Scripting Bypass","The SVG Sanitizer library is vulnerable to XSS Bypass in versions up to, and including, 0.15.4. This may allow an attacker to successfully upload an SVG with persistent Cross-Site Scripting payloads in cases where a plugin is using this library to safely process SVG files.","safe-svg",null,"\u003C=2.0.3","2.1.0","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2023-03-23 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fca73de6d-2d47-4d7c-a917-0f99fed8c27d?source=api-prod",306]