25 matches found

Cvelist
added 2025/10/31 8:54 a.m. · 3 views

CVE-2025-30191

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedur...

CVSS 5.4 · EPSS 0.00028
Exploits: 0 · References: 1
Positive Technologies
added 2025/10/31 12:00 a.m. · 2 views

PT-2025-44595

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: Malicious content delivered via email can be leveraged to conduct a redressing attack. This allows attackers to deceive users into performing unintended actions or disclosing sensitive information to...

CVSS 5.4 · AI score 6.3 · EPSS 0.00028
Exploits: 0 · References: 6
RedhatCVE
added 2025/05/22 7:59 p.m. · 5 views

CVE-2021-3693

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure...

CVSS 9.6 · AI score 7.2 · EPSS 0.00792
Exploits: 0 · References: 1
Vulnrichment
added 2024/12/02 9:15 p.m. · 26 views

CVE-2024-53987 Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

CVSS 2.3 · AI score 5.8 · EPSS 0.01968
Exploits: 0 · References: 2
Vulnrichment
added 2024/12/02 9:09 p.m. · 23 views

CVE-2024-53988 Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

CVSS 2.3 · AI score 5.8 · EPSS 0.0228
Exploits: 0 · References: 2
UbuntuCve
added 2022/12/14 5:15 p.m. · 31 views

CVE-2022-23519

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's...

CVSS 7.2 · AI score 6.7 · EPSS 0.00172
Exploits: 1 · References: 3
UbuntuCve
added 2022/12/14 5:15 p.m. · 28 views

CVE-2022-23517

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...

CVSS 7.5 · AI score 6.6 · EPSS 0.00296
Exploits: 0 · References: 4
CNVD
added 2021/08/25 12:00 a.m. · 18 views

LedgerSMB Cross-Site Scripting Vulnerability (CNVD-2021-101203)

LedgerSMB is a free web-based double-entry bookkeeping system with quoting, ordering, invoicing, projects, time cards, inventory management, shipping, etc. A cross-site scripting vulnerability exists in LedgerSMB, which stems from the application's failure to check the origin of HTML fragments...

CVSS 9.6 · AI score 1.4 · EPSS 0.00792
Exploits: 0 · References: 1
Prion
added 2021/08/23 1:15 p.m. · 17 views

Information disclosure

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure...

CVSS 6.8 · AI score 9 · EPSS 0.00792
Exploits: 0 · References: 3 · Affected Software: 2
OSV
added 2021/08/23 1:15 p.m. · 0 views

UBUNTU-CVE-2021-3693

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure...

CVSS 9.6 · AI score 7.2 · EPSS 0.00792
Exploits: 0 · References: 6
Positive Technologies
added 2021/08/23 12:00 a.m. · 1 view

PT-2021-21413 · Ledgersmb +2

Name of the Vulnerable Software and Affected Versions: LedgerSMB, affected versions not specified. Description: The issue is related to LedgerSMB not checking the origin of HTML fragments merged into the browser's DOM. This can be exploited by sending a specially crafted URL to an authenticated use...

CVSS 9.6 · AI score 7.5 · EPSS 0.00792
Exploits: 1 · References: 31
OSV
added 2021/01/04 7:15 p.m. · 10 views

CVE-2020-26293

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if the style tag is allowed. If you have explicitly allowed the style tag, an attacker could craft HTML that includ...

CVSS 6.1 · AI score 5.9
Exploits: 0 · References: 4
Prion
added 2021/01/04 7:15 p.m. · 14 views

Design/Logic Flaw

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if the style tag is allowed. If you have explicitly allowed the style tag, an attacker could craft HTML that includ...

CVSS 4.3 · AI score 5.9 · EPSS 0.00344
Exploits: 0 · References: 4 · Affected Software: 1
CVE
added 2021/01/04 6:20 p.m. · 90 views

CVE-2020-26293

The provided connected documents confirm a concrete vulnerability in HtmlSanitizer (a .NET library) where an XSS bypass is possible in versions before 5.0.372 if the style tag is explicitly allowed. The default policy disallows the style tag, so risk exists only when that tag is whitelisted. The issue has been fix...

CVSS 6.1 · AI score 5.9 · EPSS 0.00344
Exploits: 0 · References: 4 · Affected Software: 1
RedhatCVE
added 2018/04/18 10:49 a.m. · 33 views

CVE-2018-3741

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications...

CVSS 6.1 · AI score 3.1 · EPSS 0.00689
Exploits: 0 · References: 1
UbuntuCve
added 2018/03/30 7:29 p.m. · 22 views

CVE-2018-3741

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications...

CVSS 6.1 · AI score 6.6 · EPSS 0.00121
Exploits: 0 · References: 2
OSV
added 2018/03/30 7:29 p.m. · 23 views

CVE-2018-3741

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications...

CVSS 6.1 · AI score 6
Exploits: 0 · References: 1
Cvelist
added 2018/03/30 7:00 p.m. · 21 views

CVE-2018-3741

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications...

AI score 6.1 · EPSS 0.00121
Exploits: 0 · References: 1
FreeBSD
added 2018/03/22 12:00 a.m. · 30 views

rails-html-sanitizer -- possible XSS vulnerability

OSS-Security list: There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is...

CVSS 6.1 · AI score 6.3 · EPSS 0.00689
Exploits: 0 · References: 1
RubySec
added 2018/03/16 12:00 a.m. · 23 views

Loofah XSS Vulnerability

Loofah allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments...

CVSS 6.1 · AI score 0.7 · EPSS 0.00689
Exploits: 0 · References: 1 · Affected Software: 1