6 matches found

SUSE CVE
added 2023/02/15 4:33 a.m., 3 views

SUSE CVE-2018-3740

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element...

CVSS 7.5, AI score 9.1, EPSS 0.0152
Exploits: 0, References: 3
Tenable Nessus
added 2018/12/28 12:0 a.m., 25 views

Debian DSA-4358-1 : ruby-sanitize - security update

The Shopify Application Security Team discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to an HTML injection vulnerability. A specially crafted HTML fragment can cause it to allow non-whitelisted attributes to be used on a whitelisted HTML element. C Tenable Network Security,...

CVSS 7.5, AI score 7.4, EPSS 0.0152
Exploits: 0, References: 5
Debian
added 2018/12/27 12:31 p.m., 18 views

[SECURITY] [DSA 4358-1] ruby-sanitize security update

Debian Security Advisory DSA-4358-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 27, 2018 https://www.debian.org/security/faq -...

CVSS 5, AI score 1.4, EPSS 0.0152
Exploits: 0
Debian
added 2018/12/27 12:31 p.m., 38 views

[SECURITY] [DSA 4358-1] ruby-sanitize security update

Debian Security Advisory DSA-4358-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 27, 2018 https://www.debian.org/security/faq -...

CVSS 7.5, AI score 6.7, EPSS 0.0152
Exploits: 0
UbuntuCve
added 2018/03/30 7:29 p.m., 23 views

CVE-2018-3740

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element...

CVSS 7.5, AI score 7.1, EPSS 0.0152
Exploits: 0, References: 3
CVE
added 2018/03/30 7:0 p.m., 90 views

CVE-2018-3740

CVE-2018-3740 affects the ruby-sanitize (Sanitize gem for Ruby) whitelist-based HTML sanitizer. A specially crafted HTML fragment can cause non-whitelisted attributes to be applied to whitelisted elements, enabling HTML injection-like behavior. Debian’s DSA-4358-1 fixes the issue in ruby-sanitize...

CVSS 7.5, AI score 6.4, EPSS 0.0152
Exploits: 0, References: 4, Affected Software: 1