Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content

🗓️ 06 Jul 2023 19:45:44Reported by GitHub Advisory DatabaseType

Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content. Upgrade to version `>= 6.0.2

Reporter	Title	Published	Views	Family All 31
BDU FSTEC	The vulnerability of the Sanitize::Config::RELAXED component in the Sanitize library for the Ruby programming language allows a hacker to perform cross-site scripting attacks.	5 Apr 202400:00	–	bdu_fstec
Circl	CVE-2023-36823	6 Jul 202320:20	–	circl
CNNVD	Sanitize 跨站脚本漏洞	6 Jul 202300:00	–	cnnvd
CVE	CVE-2023-36823	6 Jul 202315:06	–	cve
Cvelist	CVE-2023-36823 Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content	6 Jul 202315:06	–	cvelist
Debian	[SECURITY] [DLA 3652-1] ruby-sanitize security update	14 Nov 202314:30	–	debian
Debian	[SECURITY] [DSA 5616-1] ruby-sanitize security update	5 Feb 202421:53	–	debian
Debian CVE	CVE-2023-36823	6 Jul 202315:06	–	debiancve
Tenable Nessus	Debian dla-3652 : ruby-sanitize - security update	14 Nov 202300:00	–	nessus
Tenable Nessus	Debian dsa-5616 : ruby-sanitize - security update	6 Feb 202400:00	–	nessus

Vulners

Node

sanitize_project sanitizeRange3.0.0–6.0.2rubygems

Source	Link
github	www.github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-36823
github	www.github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220
github	www.github.com/rgrove/sanitize/releases/tag/v6.0.2
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/sanitize/CVE-2023-36823.yml
lists	www.lists.debian.org/debian-lts-announce/2023/11/msg00008.html
github	www.github.com/advisories/GHSA-f5ww-cq3m-q3g7

23 Nov 2023 05:05Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.16.1 - 7.1

EPSS0.00603