5 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper user input sanitization. Note Exploiting this vulnerability is only possible when the following are true: 1 HTML5 sanitization is enabled 2 The application developer has overridden the sanitizer'...
SUSE CVE-2022-32209
Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3 ImpactA possible XS...
DEBIAN-CVE-2022-23519
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's...
CVE-2022-23519
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to certain configurations of rails::Html::Sanitizer which allow attackers to inject content if the application developer have overridden the sanitizer's allowed tags in either of the following ways: 1 allow...