CVE-2020-11887 svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document. Source: NIST CVE-2020-11887 April 17, 2020 by admin Uncategorized