Aziz's Blog

Web-Security

August 24, 2025

CVE-2025-55166: SVG Sanitizer XSS Vulnerability via Context Confusion

I found a context confusion in the svg-sanitizer library. It sanitizes SVG for XML context (case-sensitive), but when the SVG is inlined in HTML (case-insensitive), you can bypass the filter. xlink:hReF …
