3 matches found
SUSE CVE-2024-53986
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper user input sanitization. Note Exploiting this vulnerability is only possible when the following are true: 1 HTML5 sanitization is enabled 2 The application developer has overridden the sanitizer'...
PT-2024-35997
Name of the Vulnerable Software and Affected Versions: rails-html-sanitizer version 1.6.0 Description: The issue is related to a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer when used with Rails = 7.1.0 and Nokogiri = 1.16.8...