DbGate has cross site scripting via the SVG Icon String Handler component

Severity:: Low

Description

A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launched remotely.

Recommendation

Update the dbgate-web package to the latest compatible version. Followings are version details:

Affected version(s): < 7.1.5
Patched version(s): 7.1.5

References

GHSA-j8j5-7r4h-vj2g
vuldb.com
CVE-2026-6216
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Parse Server vulnerable to stored cross-site scripting (XSS) via SVG file upload - CVE-2026-30948
CleverTap Web SDK is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage - CVE-2026-26862
Svelte affected by cross-site scripting via spread attributes in Svelte SSR - CVE-2026-27121
beautiful-mermaid contains an SVG attribute injection issue that can lead to cross-site scripting (XSS) - CVE-2026-26226

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; dbgate-web

Anything's wrong? Let us know Last updated on April 14, 2026