17 matches found

Snyk
added 2026/03/18 5:26 p.m. | 5 views

Cross-site Scripting (XSS)

Overview: loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Loofah::HTML5::Scrub.allowed_uri? function. An attacker can inject malicious script...

CVSS 7.2 | AI score 5.4
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-7500

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.5 | EPSS 0.01686
Exploits: 0 | References: 8
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-7470

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.5 | EPSS 0.00792
Exploits: 0 | References: 10
Tenable Nessus
added 2025/08/20 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-23515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is...

CVSS 6.1 | AI score 6.3 | EPSS 0.00792
Exploits: 0 | References: 2
SUSE CVE
added 2023/02/15 3:28 a.m. | 3 views

SUSE CVE-2022-23516

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...

CVSS 7.5 | AI score 6.6 | EPSS 0.01104
Exploits: 0 | References: 5
OSV
added 2022/12/14 2:15 p.m. | 3 views

DEBIAN-CVE-2022-23514

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...

CVSS 7.5 | AI score 6.7 | EPSS 0.01686
Exploits: 0 | References: 1
OSV
added 2022/12/14 2:15 p.m. | 3 views

DEBIAN-CVE-2022-23515

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1...

CVSS 6.1 | AI score 6.3 | EPSS 0.00792
Exploits: 0 | References: 1
OSV
added 2022/12/14 2:15 p.m. | 1 views

DEBIAN-CVE-2022-23516

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...

CVSS 7.5 | AI score 6.6 | EPSS 0.01104
Exploits: 0 | References: 1
UbuntuCve
added 2022/12/14 2:15 p.m. | 29 views

CVE-2022-23514

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...

CVSS 7.5 | AI score 6.7 | EPSS 0.01686
Exploits: 0 | References: 3
OSV
added 2022/12/14 2:15 p.m. | 3 views

UBUNTU-CVE-2022-23516

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...

CVSS 7.5 | AI score 6.7 | EPSS 0.01104
Exploits: 0 | References: 3
OSV
added 2022/12/14 2:15 p.m. | 1 views

UBUNTU-CVE-2022-23515

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1...

CVSS 6.1 | AI score 6.6 | EPSS 0.00792
Exploits: 0 | References: 5
OSV
added 2022/12/14 2:15 p.m. | 3 views

UBUNTU-CVE-2022-23514

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...

CVSS 7.5 | AI score 6.7 | EPSS 0.01686
Exploits: 0 | References: 4
Vulnrichment
added 2022/12/14 1:26 p.m. | 3 views

CVE-2022-23516 Uncontrolled Recursion in Loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...

CVSS 7.5 | AI score 7.1 | EPSS 0.01104
Exploits: 0 | References: 2
Vulnrichment
added 2022/12/14 1:19 p.m. | 9 views

CVE-2022-23514 Inefficient Regular Expression Complexity in Loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...

CVSS 7.5 | AI score 7.2 | EPSS 0.01686
Exploits: 0 | References: 3
Snyk
added 2022/12/13 5:39 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper neutralization of data URIs, via the image/svg+xml media type. Details...

CVSS 6.1 | AI score 5.4 | EPSS 0.00792
Exploits: 0 | References: 2
Snyk
added 2022/12/13 5:36 p.m. | 3 views

Regular Expression Denial of Service (ReDoS)

Overview: loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to containing an inefficient regular expression that is susceptible...

CVSS 7.5 | AI score 6.8 | EPSS 0.01686
Exploits: 0 | References: 2
Veracode
added 2017/10/12 9:24 a.m. | 14 views

Cross-site Scripting (XSS)

loofah is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize nested script tags, allowing a malicious user to inject and execute arbitrary JavaScript...

AI score 6.1
Exploits: 0