3 matches found
CVE-2024-53989
A cross-site scripting XSS vulnerability was found in certain configurations of rails-html-sanitizer. This issue may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags for the the "noscript" element...
CVE-2024-53989
CVE-2024-53989 affects rails-html-sanitizer (Rails 7.1.0+ and sanitizer 1.6.0). The issue is a possible cross-site scripting (XSS) vulnerability when HTML5 sanitization is enabled and the application overrides the sanitizer’s allowed tags to include the noscript element. The vulnerability is fixe...
CVE-2024-53989 Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...