11 matches found
CVE-2024-53986
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
rails-html-sanitizer has XSS vulnerability with certain configurations
Summary There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. Versions affected: 1.6.0 Not affected: 1.6.0 Fixed versions: 1.6.1 Impact A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may...
CVE-2024-53987 Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
CVE-2024-53987
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
CVE-2024-53989
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
CVE-2024-53986
Rails HTML Sanitizer (rails-html-sanitizer) version 1.6.0 has a potential XSS when HTML5 sanitization is enabled and both math and style tags are explicitly allowed. The issue arises if developers override sanitizer rules (e.g., allowed_tags or sanitize options) to permit both tags, enabling cont...
CVE-2024-53986
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
CVE-2024-53989 Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
Rails HTML Sanitizers 安全漏洞
Rails HTML Sanitizers is an HTML cleanup tool from the US Rails team for use in Rails applications. A security vulnerability exists in Rails HTML Sanitizers version 1.6.0, which stems from a vulnerability to a cross-site scripting attack when used with Rails 7.1.0 and earlier versions, which can ...
rails-html-sanitizer has XSS vulnerability with certain configurations
Summary There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0 and Nokogiri = 1.16.8. Impact A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5...
PT-2024-21298 · Rails +2 · Rails +2
Name of the Vulnerable Software and Affected Versions: Rails versions 7.1.0 through 7.1.3.0 Description: There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This issue can cause Accept header parsing to take an unexpected amount of time, possibly...