Approved changes feed: RSS · Atom

cpe:2.3:a:mit:scratch-svg-renderer:0.1.0:prerelease20180511144653:*:*:*:node.js:*:*

part: a version: 0.1.0 update: prerelease20180511144653

VendorMit (82b7f5d9-694f-5ac9-86aa-26958677636b)
ProductScratch Svg Renderer (b234be14-0a52-5047-92f5-5567d94dc39e)
Edition*
Language*
Software edition*
Target softwarenode.js
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/llk/scratch-svg-renderer purl2cpe 2026-06-01 10:16:02.444367
pkg:npm/scratch-svg-renderer purl2cpe 2026-06-01 10:16:02.444369

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2020-7750 vulnerable 2026-06-08 05:27:14.124581 Cross-site Scripting (XSS)
CRITICAL (9.6)
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.
Published: 2020-10-21T16:20:12.796Z
Updated: 2024-09-16T19:31:46.720Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.