24 matches found
Ubuntu: Security Advisory (USN-6748-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
USN-6748-1: Sanitize vulnerabilities
It was discovered that Sanitize incorrectly handled noscript elements under certain circumstances. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-23627) It was discovered that Sanitize incorrectly handled...
Debian: Security Advisory (DSA-5616-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
DSA-5616-1 ruby-sanitize - security update
Bulletin has no description...
Debian: Security Advisory (DLA-3652-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DLA 3652-1] ruby-sanitize security update
Debian LTS Advisory DLA-3652-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb November 14, 2023 https://wiki.debian.org/LTS -...
DLA-3652-1 ruby-sanitize - security update
Bulletin has no description...
Debian dla-3652 : ruby-sanitize - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3652 advisory. Debian LTS Advisory DLA-3652-1 [email protected] https://www.debian.org/lts/security/...
Cross-site Scripting (XSS)
Overview: sanitize is a Ruby HTML and CSS sanitizer. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient neutralization of style element content. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS when the library is...
SUSE CVE-2018-3740
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element...
Ubuntu: Security Advisory (USN-4543-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
USN-4543-1: Sanitize vulnerability
Michał Bentkowski discovered that Sanitize did not properly sanitize some math or svg HTML under certain circumstances. A remote attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2020-4054)...
USN-4543-1 ruby-sanitize vulnerability
Michał Bentkowski discovered that Sanitize did not properly sanitize some math or svg HTML under certain circumstances. A remote attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2020-4054)...
Debian DSA-4730-1 : ruby-sanitize - security update
Michal Bentkowski discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to a HTML sanitization bypass vulnerability when using the 'relaxed' or a custom config allowing certain elements. Content in a <math> or <svg> element may not be sanitized correctly even if math and svg are not in the...
Debian: Security Advisory (DSA-4730-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DSA 4730-1] ruby-sanitize security update
Debian Security Advisory DSA-4730-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 19, 2020 https://www.debian.org/security/faq -...
DSA-4730-1 ruby-sanitize - security update
Bulletin has no description...
UBUNTU-CVE-2020-4054
In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized...
Debian DSA-4358-1 : ruby-sanitize - security update
The Shopify Application Security Team discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to a HTML injection vulnerability. A specially crafted HTML fragment can cause Sanitize to allow non-whitelisted attributes to be used on a whitelisted HTML element. (C) Tenable Network Security,...
[SECURITY] [DSA 4358-1] ruby-sanitize security update
Debian Security Advisory DSA-4358-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 27, 2018 https://www.debian.org/security/faq -...