15 matches found
SUSE CVE-2018-8048
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment...
CVE-2018-8048
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment...
SUSE-SU-2019:2209-1 Security update for rubygem-loofah
This update for rubygem-loofah fixes the following issues: - Security issue fixed: - CVE-2018-8048: Update fix to make Loofah::HTML5::Scrub.forcecorrectattributeescaping! callable from other gems bsc1086598...
SUSE-SU-2019:0394-1 Security update for rubygem-loofah
This update for rubygem-loofah fixes the following issues: Security issues fixed: - CVE-2018-16468: Fixed XXS by removing the svg animate attribute from from the allowlist bsc1113969. - CVE-2018-8048: Fixed XSS vulnerability due to unescaped characters by libcxml2 bsc1085967...
rails-html-sanitizer Cross-site Scripting vulnerability
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications...
GHSA-PX3R-JM9G-C8W8 rails-html-sanitizer Cross-site Scripting vulnerability
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications...
Debian DSA-4171-1 : ruby-loofah - security update
The Shopify Application Security Team reported that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, allows non-whitelisted attributes to be present in sanitized output when input with specially crafted HTML fragments. This might allow to mount a...
[SECURITY] [DSA 4171-1] ruby-loofah security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4171-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4171-1] ruby-loofah security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4171-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2018 https://www.debian.org/security/faq -...
Design/Logic Flaw
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications...
Revert libxml2 behavior in Nokogiri gem that could cause XSS
MRI Behavior in libxml2 has been reverted which caused CVE-2018-8048 loofah gem, CVE-2018-3740 sanitize gem, and CVE-2018-3741 rails-html-sanitizer gem. The commit in question is here: https://github.com/GNOME/libxml2/commit/960f0e2 and more information is available about this commit and its impa...
CVE-2018-8048
CVE-2018-8048 affects the Loofah Ruby gem (through version 2.2.0). The vulnerability allows non-whitelisted HTML attributes to appear in sanitized output when a crafted HTML fragment is republished, enabling potential cross-site scripting (XSS). Public details come from the CVE entry and corrobor...
CVE-2018-8048
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment...
rails-html-sanitizer -- possible XSS vulnerability
OSS-Security list: There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is...
XSS vulnerability in rails-html-sanitizer
There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-804...