Lucene search
+L

9 matches found

OpenVAS
OpenVAS
added 2024/09/30 12:0 a.m.20 views

Debian: Security Advisory (DLA-3902-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.29316EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.32 views

Fedora 40 : rubygem-rails-html-sanitizer (2023-91e69ea326)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-91e69ea326 advisory. Automatic update for rubygem-rails-html-sanitizer-1.6.0-1.fc40. Changelog Thu Nov 23 2023 Vt Ondruch - 1.6.0-1 - Update to rails-html-sanitizer 1.6....

7.2CVSS6.7AI score0.0111EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2023/09/21 12:0 a.m.33 views

SUSE SLES15: ruby2.5-rubygem-rails-html-sanitizer / etc (SUSE-SU-2023:3714-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3714-1 advisory. - CVE-2022-23517: Fixed inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize...

7.5CVSS6.7AI score0.01454EPSS
Exploits3References13
OpenVAS
OpenVAS
added 2023/09/14 12:0 a.m.26 views

Debian: Security Advisory (DLA-3566-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.6AI score0.01454EPSS
Exploits3References4
Debian
Debian
added 2023/09/13 3:9 p.m.79 views

[SECURITY] [DLA 3566-1] ruby-rails-html-sanitizer security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3566-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler September 13, 2023 https://wiki.debian.org/LTS -...

7.5CVSS7.8AI score0.29316EPSS
Exploits4
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.4 views

SUSE CVE-2022-23520

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to...

6.1CVSS6.1AI score0.0111EPSS
Exploits1References6
Hacker One
Hacker One
added 2022/12/14 9:17 p.m.114 views

Internet Bug Bounty: CVE-2022-23520: Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations)

The following is from: https://hackerone.com/reports/1654310 While building a PoC for CVE-2022-32209, I noticed that I could not fix my vulnerable application by updating https://github.com/rails/rails-html-sanitizer from 1.4.2 to 1.4.3 even though the Hackerone report about this vulnerability...

5.8CVSS6.3AI score0.29316EPSS
Exploits2
CVE
CVE
added 2022/12/14 5:7 p.m.191 views

CVE-2022-23520

The CVE concerns ruby-rails-html-sanitizer used by Rails apps. Affected when developers override Rails::Html::Sanitizer’s allowed tags to include both "select" and "style" elements, enabling an XSS payload. Root cause is an incomplete fix of CVE-2022-32209; the issue is fixed in version 1.4.4. Im...

6.1CVSS6.3AI score0.0111EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2022/12/14 5:7 p.m.47 views

CVE-2022-23520 rails-html-sanitizer contains an incomplete fix for an XSS vulnerability

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to...

6.1CVSS6.5AI score0.0111EPSS
Exploits1References3
Rows per page
Query Builder