15 matches found

SUSE CVE
added 2023/02/15 4:29 a.m. | 4 views

SUSE CVE-2018-8048

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment...

CVSS 5.4 | AI score 6.8 | EPSS 0.01984
Exploits 0 | References 10

RedhatCVE
added 2020/04/06 5:05 p.m. | 27 views

CVE-2018-8048

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment...

CVSS 6.1 | AI score 0.3 | EPSS 0.01984
Exploits 0 | References 1

OSV
added 2019/08/23 10:06 a.m. | 7 views

SUSE-SU-2019:2209-1 Security update for rubygem-loofah

This update for rubygem-loofah fixes the following issues: - Security issue fixed: - CVE-2018-8048: Update fix to make Loofah::HTML5::Scrub.force_correct_attribute_escaping! callable from other gems (bsc#1086598)...

CVSS 6.1 | AI score 6.4 | EPSS 0.01984
Exploits 0 | References 3

OSV
added 2019/02/14 1:47 p.m. | 9 views

SUSE-SU-2019:0394-1 Security update for rubygem-loofah

This update for rubygem-loofah fixes the following issues: Security issues fixed: - CVE-2018-16468: Fixed XSS by removing the svg animate attribute from the allowlist (bsc#1113969). - CVE-2018-8048: Fixed XSS vulnerability due to unescaped characters by libxml2 (bsc#1085967)...

CVSS 6.1 | AI score 5.8 | EPSS 0.01984
Exploits 0 | References 5

GitHub Security Blog
added 2018/04/26 3:41 p.m. | 38 views

rails-html-sanitizer Cross-site Scripting vulnerability

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications...

CVSS 6.1 | AI score 1.8 | EPSS 0.01289
Exploits 0 | References 3 | Affected Software 1

OSV
added 2018/04/26 3:41 p.m. | 31 views

GHSA-PX3R-JM9G-C8W8 rails-html-sanitizer Cross-site Scripting vulnerability

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications...

CVSS 6.1 | AI score 4.9 | EPSS 0.01289
Exploits 0 | References 3

Tenable Nessus
added 2018/04/16 12:00 a.m. | 30 views

Debian DSA-4171-1 : ruby-loofah - security update

The Shopify Application Security Team reported that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, allows non-whitelisted attributes to be present in sanitized output when input with specially crafted HTML fragments. This might allow to mount a...

CVSS 6.1 | AI score 6.9 | EPSS 0.01984
Exploits 0 | References 5

Debian
added 2018/04/13 7:12 p.m. | 24 views

[SECURITY] [DSA 4171-1] ruby-loofah security update

Debian Security Advisory DSA-4171-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2018 https://www.debian.org/security/faq -...

CVSS 4.3 | AI score 1.6 | EPSS 0.01984
Exploits 0

Debian
added 2018/04/13 7:12 p.m. | 29 views

[SECURITY] [DSA 4171-1] ruby-loofah security update

Debian Security Advisory DSA-4171-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2018 https://www.debian.org/security/faq -...

CVSS 6.1 | AI score 6.3 | EPSS 0.01984
Exploits 0

Prion
added 2018/03/30 7:29 p.m. | 27 views

Design/Logic Flaw

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications...

CVSS 4.3 | AI score 5.9 | EPSS 0.01984
Exploits 0 | References 1 | Affected Software 1

RubySec
added 2018/03/29 12:00 a.m. | 49 views

Revert libxml2 behavior in Nokogiri gem that could cause XSS

MRI Behavior in libxml2 has been reverted which caused CVE-2018-8048 loofah gem, CVE-2018-3740 sanitize gem, and CVE-2018-3741 rails-html-sanitizer gem. The commit in question is here: https://github.com/GNOME/libxml2/commit/960f0e2 and more information is available about this commit and its impa...

CVSS 6.1 | AI score 0.7 | EPSS 0.01984
Exploits 0 | References 1 | Affected Software 1

CVE
added 2018/03/27 5:00 p.m. | 108 views

CVE-2018-8048

CVE-2018-8048 affects the Loofah Ruby gem (through version 2.2.0). The vulnerability allows non-whitelisted HTML attributes to appear in sanitized output when a crafted HTML fragment is republished, enabling potential cross-site scripting (XSS). Public details come from the CVE entry and corrobor...

CVSS 6.1 | AI score 5.9 | EPSS 0.01984
Exploits 0 | References 4 | Affected Software 1

Debian CVE
added 2018/03/27 5:00 p.m. | 35 views

CVE-2018-8048

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment...

CVSS 6.1 | AI score 6.5 | EPSS 0.01984
Exploits 0

FreeBSD
added 2018/03/22 12:00 a.m. | 31 views

rails-html-sanitizer -- possible XSS vulnerability

OSS-Security list: There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is...

CVSS 6.1 | AI score 6.3 | EPSS 0.01984
Exploits 0 | References 1

RubySec
added 2018/03/22 12:00 a.m. | 28 views

XSS vulnerability in rails-html-sanitizer

There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-804...

CVSS 6.1 | AI score 0.7 | EPSS 0.01984
Exploits 0 | References 1 | Affected Software 1