3 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the improper sanitization of HTML elements and attributes. An attacker can inject malicious scripts by exploiting the overridden sanitizer configurations that allow certain HTML5 elements such as math,...
CVE-2024-53988 Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
PT-2024-36000
Name of the Vulnerable Software and Affected Versions: rails-html-sanitizer version 1.6.0 Description: There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer when used with Rails = 7.1.0. This issue may allow an attacker to inject content if HTML5 sanitization...