13 matches found
SUSE CVE-2019-15587
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
SUSE SLES15: ruby2.5-rubygem-loofah / ruby2.5-rubygem-loofah-doc / etc (SUSE-SU-2022:3868-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3868-1 advisory. - CVE-2019-15587: Fixed issue in sanitization of crafted SVG elements bsc1154751. Tenable has extracted the preceding description block...
Ubuntu: Security Advisory (USN-4498-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4498-1: Loofah vulnerability
It was discovered that Loofah does not properly sanitize JavaScript in sanitized output. An attacker could possibly use this issue to perform XSS attacks. CVE-2019-15587...
Fedora 31 : rubygem-loofah (2020-03c0964b6a)
Fix XXS when a crafted SVG element is republished. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues....
Fedora 30 : rubygem-loofah (2020-1ebc4b8284)
Fix XXS when a crafted SVG element is republished. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues....
[SECURITY] [DSA 4554-1] ruby-loofah security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4554-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 28, 2019 https://www.debian.org/security/faq -...
CVE-2019-15587
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
CVE-2019-15587
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
CVE-2019-15587
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
UBUNTU-CVE-2019-15587
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
CVE-2019-15587
CVE-2019-15587 affects the Loofah gem for Ruby up to version 2.3.0, where crafted SVG content can cause unsanitized JavaScript to appear in sanitized output (XSS risk). Exploitation details are not provided beyond this description. Remediation across ecosystems includes upgrading to patched Loofa...
CVE-2019-15587
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...