Lucene search
+L

10 matches found

Ubuntu
Ubuntu
added 2024/04/24 5:23 a.m.42 views

USN-6748-1: Sanitize vulnerabilities

It was discovered that Sanitize incorrectly handled noscript elements under certain circumstances. An attacker could possibly use this issue to execute a cross-site scripting XSS attack. This issue only affected Ubuntu 22.04 LTS. CVE-2023-23627 It was discovered that Sanitize incorrectly handled...

7.1CVSS6.3AI score0.00712EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/04/24 12:0 a.m.27 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Sanitize vulnerabilities (USN-6748-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6748-1 advisory. It was discovered that Sanitize incorrectly handled noscript elements under certain circumstances. An attacker could possibly use thi...

7.1CVSS6.4AI score0.00712EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/02/06 12:0 a.m.19 views

Debian dsa-5616 : ruby-sanitize - security update

The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5616 advisory. - Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize...

7.1CVSS6.3AI score0.00712EPSS
Exploits0References5
Debian
Debian
added 2024/02/05 9:53 p.m.53 views

[SECURITY] [DSA 5616-1] ruby-sanitize security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5616-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 05, 2024 https://www.debian.org/security/faq -...

7.1CVSS6.2AI score0.00712EPSS
Exploits0
OpenVAS
OpenVAS
added 2023/11/15 12:0 a.m.13 views

Debian: Security Advisory (DLA-3652-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1CVSS6.4AI score0.00712EPSS
Exploits0References3
Debian
Debian
added 2023/11/14 2:30 p.m.70 views

[SECURITY] [DLA 3652-1] ruby-sanitize security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3652-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb November 14, 2023 https://wiki.debian.org/LTS -...

7.1CVSS6.2AI score0.00712EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/14 12:0 a.m.25 views

Debian dla-3652 : ruby-sanitize - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3652 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3652-1 [email protected] https://www.debian.org/lts/security/...

7.1CVSS6.5AI score0.00712EPSS
Exploits0References4
NVD
NVD
added 2023/07/06 4:15 p.m.18 views

CVE-2023-36823

Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a...

7.1CVSS6.6AI score0.00712EPSS
Exploits0References4
CVE
CVE
added 2023/07/06 3:6 p.m.103 views

CVE-2023-36823

CVE-2023-36823 affects the Ruby sanitizer library (Sanitize). Older releases (3.0.0–6.0.1) could allow crafted HTML/CSS to bypass allowlisting when using the built-in relaxed config or a custom config permitting style elements and CSS at‑rules, enabling cross‑site scripting. Sanitize 6.0.2 fixes ...

7.1CVSS6.1AI score0.00712EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2023/07/06 12:0 a.m.25 views

CVE-2023-36823

Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a...

7.1CVSS6.7AI score0.00712EPSS
Exploits0References6
Rows per page
Query Builder