Cross-Site Scripting (XSS) vulnerability in SVG data loaded through <img> tags in Firefox < 57

Cross-Site Scripting (XSS) vulnerability in SVG data loaded through <img> tags in Firefox < 57

CVE-2017-7837 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57.

Learn more about our Web Application Penetration Testing UK.