Internet Bug Bounty: Rails ActionView sanitize helper bypass leading to XSS using SVG tag.
Loofah versions between 2.1.0 and 2.19.1 were vulnerable to a cross-site scripting (XSS) attack via the image/svg+xml media type in data URIs. This allowed an attacker to bypass HTML sanitization and execute malicious code. The vulnerability was mitigated by upgrading to Loofah version 2.19.1 or...
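Added example (not from the report or the Loofah project): a check of a Gemfile.lock against the version range stated above. It assumes 2.1.0 is inclusive and the fixed release 2.19.1 is exclusive; the function names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version gives correct ordering (2.9.0 < 2.19.1)

# Range taken from the summary above. Assumption: 2.1.0 is inclusive and the
# fixed release 2.19.1 is exclusive.
FIRST_AFFECTED = Gem::Version.new("2.1.0")
FIRST_FIXED    = Gem::Version.new("2.19.1")

# Returns the resolved loofah version strings found in Gemfile.lock text.
# Resolved gems sit at exactly four spaces of indentation under "specs:";
# deeper lines are dependency constraints such as "loofah (~> 2.3)".
def loofah_versions(lockfile_text)
  lockfile_text.each_line.filter_map do |line|
    m = line.match(/\A {4}loofah \(([^)\s]+)\)\s*\z/)
    m && m[1]
  end
end

# True when the version falls inside the affected range.
def affected?(version_string)
  v = Gem::Version.new(version_string)
  v >= FIRST_AFFECTED && v < FIRST_FIXED
end

# Returns :affected, :not_affected or :loofah_not_found.
def audit_lockfile(lockfile_text)
  versions = loofah_versions(lockfile_text)
  return :loofah_not_found if versions.empty?
  versions.any? { |v| affected?(v) } ? :affected : :not_affected
end

# Constructed sample lockfile excerpt (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.18.0)
        crass (~> 1.0.2)
        nokogiri (>= 1.5.9)
      rails-html-sanitizer (1.4.3)
        loofah (~> 2.3)
LOCK

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  puts "loofah: #{audit_lockfile(text)}"
end
```

Run it with a path to a Gemfile.lock as the first argument; without one it audits the constructed sample.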