Critical Vulnerability Information Vulnerability Overview Type: Stored/Reflected XSS Component: Issue: Cross-site scripting attack caused by unvalidated SVG content. Affected and Fixed Versions Affected Versions: <= 3.3.1 Fixed Version: 3.4.0 Vulnerability Details Location: The directive in renders SVG content without any validation, allowing injection of malicious HTML or JavaScript. Attack Vector: Exploits the SVG tag. Severity CVSS v3 Base Score: 6.1/10 (Medium) Vector: Network Complexity: Low Required Privileges: None User Interaction: Required Scope: Changed Confidentiality, Integrity, Availability Impact: Low Proof of Concept (PoC) Impact and Risk Type: Reflected/Stored XSS (depending on data source) Severity Level: Medium Risk: Attackers can inject and execute malicious scripts when the image component is rendered or updated, posing a significant threat to dashboards or multi-user applications that display user-generated content or annotations.