Lucene search
K

11 matches found

NVD
NVD
added 2024/12/02 10:15 p.m.36 views

CVE-2024-53986

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

6.1CVSS0.00462EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/12/02 9:48 p.m.24 views

rails-html-sanitizer has XSS vulnerability with certain configurations

Summary There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. Versions affected: 1.6.0 Not affected: 1.6.0 Fixed versions: 1.6.1 Impact A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may...

6.1CVSS5.6AI score0.00435EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2024/12/02 9:15 p.m.35 views

CVE-2024-53987 Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

2.3CVSS0.00435EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/12/02 9:15 p.m.6 views

CVE-2024-53987

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

6.1CVSS4.5AI score0.00435EPSS
Exploits0
NVD
NVD
added 2024/12/02 9:15 p.m.41 views

CVE-2024-53989

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

6.1CVSS0.00463EPSS
Exploits0References2
CVE
CVE
added 2024/12/02 9:13 p.m.115 views

CVE-2024-53986

Rails HTML Sanitizer (rails-html-sanitizer) version 1.6.0 has a potential XSS when HTML5 sanitization is enabled and both math and style tags are explicitly allowed. The issue arises if developers override sanitizer rules (e.g., allowed_tags or sanitize options) to permit both tags, enabling cont...

6.1CVSS5.6AI score0.00462EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2024/12/02 9:13 p.m.11 views

CVE-2024-53986

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

6.1CVSS4.5AI score0.00462EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/12/02 9:7 p.m.12 views

CVE-2024-53989 Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

2.3CVSS5.8AI score0.00463EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/02 12:0 a.m.5 views

Rails HTML Sanitizers 安全漏洞

Rails HTML Sanitizers is an HTML cleanup tool from the US Rails team for use in Rails applications. A security vulnerability exists in Rails HTML Sanitizers version 1.6.0, which stems from a vulnerability to a cross-site scripting attack when used with Rails 7.1.0 and earlier versions, which can ...

6.1CVSS5.5AI score0.00463EPSS
Exploits0References3
RubySec
RubySec
added 2024/12/02 12:0 a.m.18 views

rails-html-sanitizer has XSS vulnerability with certain configurations

Summary There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0 and Nokogiri = 1.16.8. Impact A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5...

6.1CVSS5.7AI score0.00581EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/24 12:0 a.m.6 views

PT-2024-21298 · Rails +2 · Rails +2

Name of the Vulnerable Software and Affected Versions: Rails versions 7.1.0 through 7.1.3.0 Description: There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This issue can cause Accept header parsing to take an unexpected amount of time, possibly...

7.5CVSS7.8AI score0.01498EPSS
Exploits0References20
Rows per page
Query Builder