6 matches found
Rails HTML Sanitizers Cross-Site Scripting Vulnerability
Rails HTML Sanitizers is an HTML cleanup tool from the US Rails team for use in Rails applications. A cross-site scripting vulnerability exists in Rails HTML Sanitizers version 1.6.0, which stems from a cross-site scripting vulnerability under certain configurations that could easily lead to...
Rails HTML Sanitizers Cross-Site Scripting Vulnerability
Rails HTML Sanitizers is an HTML cleanup tool from the US Rails team for use in Rails applications. A cross-site scripting vulnerability exists in Rails HTML Sanitizers version 1.6.0, which stems from a cross-site scripting (XSS) vulnerability under certain configurations that could easily...
Rails HTML Sanitizers Security Vulnerability
Rails HTML Sanitizers is an HTML cleanup tool from the US Rails team for use in Rails applications. A security vulnerability exists in Rails HTML Sanitizers version 1.6.0, which stems from a vulnerability to a cross-site scripting attack when used with Rails 7.1.0 and earlier versions, which can ...
Rails HTML Sanitizers Cross-Site Scripting Vulnerability
Rails HTML Sanitizers is an HTML cleanup tool from the US Rails team for use in Rails applications. A cross-site scripting vulnerability exists in Rails HTML Sanitizers version 1.6.0, which stems from a vulnerability to a cross-site scripting attack that could allow an attacker to inject content...
SUSE CVE-2021-23974
The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox 86...
DEBIAN-CVE-2022-23517
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...