1 matches found
rubygem-loofah: XSS vulnerability due to unescaped comments within attributes by libxml2
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment...