11 matches found
EUVD-2020-0615
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-4054
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Sanitize RubyGem sanitize greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using...
CVE-2019-16728
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS mXSS for an SVG element or a MATH element, as demonstrated by Chrome and Safari...
CVE-2024-53986
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
CVE-2024-53987
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
DEBIAN-CVE-2022-23519
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's...
Rails 跨站脚本漏洞
Rails is a Ruby-based open source web application framework from the Rails team. A cross-site scripting vulnerability exists in Rails rails-html-sanitizer versions prior to 1.4.4, which stems from a possible XSS vulnerability in certain configurations of Rails::Html::Sanitizer that could allow an...
GHSA-CHQJ-J4FH-RW7M Cross-Site Scripting in dompurify
Versions of dompurify prior to 2.0.3 are vulnerable to Cross-Site Scripting XSS. The package has an XSS filter bypass due to Mutation XSS in both Chrome and Safari through a combination of / elements and /. An example payload is: ". This allows attackers to bypass the XSS protection and execute...
Cross-site Scripting (XSS)
Overview sanitize is a Ruby HTML and CSS sanitizer. Affected versions of this package are vulnerable to Cross-site Scripting XSS. When HTML is sanitized using Sanitize's "relaxed" config or a custom config that allows certain elements, some content in a or element may not be sanitized correctly...
Sanitize Cross-Site Scripting Vulnerability
Sanitize is an HTML and CSS cleaner from Ryan Grove Software Developers in the USA that supports removing HTML and CSS from strings and more. A cross-site scripting vulnerability exists in Sanitize 3.0.0 and later versions fixed in version 5.2.1. When using Sanitize's "relaxed" configuration or...
UBUNTU-CVE-2019-16728
DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS mXSS for an SVG element or a MATH element, as demonstrated by Chrome and Safari...