20 matches found
SUSE CVE-2018-16468
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
SUSE: Security Advisory (SUSE-SU-2019:0272-1)
The remote host is missing an update for the...
openSUSE Security Update : rubygem-loofah (openSUSE-2019-963)
This update for rubygem-loofah fixes the following issues : Security issue fixed : - CVE-2018-16468: Fixed XSS by removing the svg animate attribute from the allowlist bsc1113969. This update was imported from the SUSE:SLE-15:Update update project.
openSUSE Security Update : rmt-server (openSUSE-2019-185)
This update for rmt-server to version 1.1.1 fixes the following issues : The following issues have been fixed : - Fixed migration problems which caused some extensions / modules to be dropped bsc1118584, bsc1118579 - Fixed listing of mirrored products bsc1102193 - Include online migration paths...
openSUSE: Security Advisory for rmt-server (openSUSE-SU-2019:0185-1)
The remote host is missing an update for the...
SUSE-SU-2019:0394-1 Security update for rubygem-loofah
This update for rubygem-loofah fixes the following issues: Security issues fixed: - CVE-2018-16468: Fixed XSS by removing the svg animate attribute from the allowlist bsc1113969. - CVE-2018-8048: Fixed XSS vulnerability due to unescaped characters by libxml2 bsc1085967...
Discourse < 2.2.0.beta4 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities.
[SECURITY] [DSA 4364-1] ruby-loofah security update
Debian Security Advisory DSA-4364-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 08, 2019 https://www.debian.org/security/faq...
Fedora 28 : rubygem-loofah (2018-d716df9942)
XSS when a crafted SVG element is republished CVE-2018-16468. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 29 : rubygem-loofah (2018-d5fcbb9ca6)
Update to Loofah 2.2.3. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SUSE SLED15 / SLES15 Security Update : rubygem-loofah (SUSE-SU-2018:3928-1)
This update for rubygem-loofah fixes the following issues : Security issue fixed : CVE-2018-16468: Fixed XSS by removing the svg animate attribute from the allowlist bsc1113969. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security...
openSUSE: Security Advisory for rubygem-loofah (openSUSE-SU-2018:3951-1)
The remote host is missing an update for the...
Security update for rubygem-loofah (moderate)
This update for rubygem-loofah fixes the following issues: Security issue fixed: - CVE-2018-16468: Fixed XSS by removing the svg animate attribute from the allowlist bsc1113969. This update was imported from the SUSE:SLE-15:Update update project...
openSUSE Security Update : rubygem-loofah (openSUSE-2018-1478)
This update for rubygem-loofah fixes the following issues : Security issue fixed : - CVE-2018-16468: Fixed XSS by removing the svg animate attribute from the allowlist bsc1113969. This update was imported from the SUSE:SLE-15:Update update project.
Fedora 27 : rubygem-loofah (2018-4ce40afcb6)
XSS when a crafted SVG element is republished CVE-2018-16468. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
SUSE-SU-2018:3928-1 Security update for rubygem-loofah
This update for rubygem-loofah fixes the following issues: Security issue fixed: - CVE-2018-16468: Fixed XSS by removing the svg animate attribute from the allowlist bsc1113969...
CVE-2018-16468
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
CVE-2018-16468
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
CVE-2018-16468
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
CVE-2018-16468
The CVE-2018-16468 entry corresponds to ruby-loofah (Loofah gem) with an XSS/SVG sanitization issue in versions up to 2.2.2. Connected advisories confirm the vulnerability stems from unsanitized or partially sanitized SVG handling when a crafted SVG element is republished, enabling cross-site scr...