10 matches found
USN-6748-1: Sanitize vulnerabilities
It was discovered that Sanitize incorrectly handled noscript elements under certain circumstances. An attacker could possibly use this issue to execute a cross-site scripting XSS attack. This issue only affected Ubuntu 22.04 LTS. CVE-2023-23627 It was discovered that Sanitize incorrectly handled...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Sanitize vulnerabilities (USN-6748-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6748-1 advisory. It was discovered that Sanitize incorrectly handled noscript elements under certain circumstances. An attacker could possibly use thi...
Debian dsa-5616 : ruby-sanitize - security update
The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5616 advisory. - Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize...
[SECURITY] [DSA 5616-1] ruby-sanitize security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5616-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 05, 2024 https://www.debian.org/security/faq -...
Debian: Security Advisory (DLA-3652-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3652-1] ruby-sanitize security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3652-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb November 14, 2023 https://wiki.debian.org/LTS -...
Debian dla-3652 : ruby-sanitize - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3652 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3652-1 [email protected] https://www.debian.org/lts/security/...
CVE-2023-36823
Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a...
CVE-2023-36823
CVE-2023-36823 affects the Ruby sanitizer library (Sanitize). Older releases (3.0.0–6.0.1) could allow crafted HTML/CSS to bypass allowlisting when using the built-in relaxed config or a custom config permitting style elements and CSS at‑rules, enabling cross‑site scripting. Sanitize 6.0.2 fixes ...
CVE-2023-36823
Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a...