Lucene search
K

9 matches found

Hacker One
Hacker One
added 2025/02/23 5:3 p.m.786 views

Ruby on Rails: 1-Click Cross-Site Scripting via Custom Configuration in SafeListSanitizer

Vulnerability description not provided...

7.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/12/02 9:48 p.m.24 views

rails-html-sanitize has XSS vulnerability with certain configurations

Summary There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0 and Nokogiri = 1.16.8. Impact A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5...

6.1CVSS5.4AI score0.00581EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2022/12/14 6:15 p.m.48 views

CVE-2022-23520

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to...

6.1CVSS6.7AI score0.0111EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2022/12/14 5:7 p.m.26 views

CVE-2022-23520

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to...

6.1CVSS6.5AI score0.0111EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/12/13 5:50 p.m.53 views

Possible XSS vulnerability with certain configurations of rails-html-sanitizer

Summary There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. - Versions affected: ALL - Not affected: NONE - Fixed versions: 1.4.4 Impact A possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject...

7.2CVSS6.5AI score0.00988EPSS
Exploits1References7Affected Software1
Hacker One
Hacker One
added 2022/07/29 9:46 p.m.59 views

Ruby on Rails: Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations)

While building a PoC for CVE-2022-32209, I noticed that I could not fix my vulnerable application by updating https://github.com/rails/rails-html-sanitizer from 1.4.2 to 1.4.3 even though the Hackerone report about this vulnerability suggested that this should fix it see here:...

5.8CVSS6.1AI score0.29316EPSS
Exploits2
OSV
OSV
added 2022/06/25 12:0 a.m.39 views

GHSA-PG8V-G4XQ-HWW9 Rails::Html::Sanitizer vulnerable to Cross-site Scripting

Versions of Rails::Html::Sanitizer prior to version 1.4.3 are vulnerable to XSS with certain configurations of Rails::Html::Sanitizer which allows an attacker to inject content when the application developer has overridden the sanitizer's allowed tags to allow both select and style elements. Code...

6.1CVSS6.2AI score0.29316EPSS
Exploits1References12
Prion
Prion
added 2022/06/24 3:15 p.m.25 views

Design/Logic Flaw

Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3 ImpactA possible XS...

4.3CVSS6.1AI score0.29316EPSS
Exploits1References4Affected Software3
Hacker One
Hacker One
added 2022/04/05 7:34 a.m.39 views

Ruby on Rails: Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag

It seems to be a problem caused by a difference between the nokogiri java implementation and the ruby implementation. It seems to be an ambiguous case as to whether to do it with nokogiri or have rails-html-sanitizer defend it. jruby9.3.3.0 nokogiri java, use...

4.3CVSS0.1AI score0.29316EPSS
Exploits1
Rows per page
Query Builder