Cross-site Scripting (XSS)
rails-html-sanitizer is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of HTML content when specific configurations are used. If HTML5 sanitization is enabled and the application developer overrides the sanitizer's allowed tags to include both "math" a...