2 matches found
The vulnerability of the Sanitize::Config::RELAXED component in the Sanitize library for the Ruby programming language allows a hacker to perform cross-site scripting attacks.
The vulnerability of the Sanitize::Config::RELAXED component in the Sanitize library for the Ruby programming language is related to the lack of measures taken to protect the structure of web pages when processing style elements. Exploiting this vulnerability allows a remote attacker to perform...
Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content
Impact Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize = 3.0.0, = 6.0.2 performs additional escaping of CSS in style element content, which fixes this issue. Workarounds Users who are unable to upgrade can prevent this issue by using a...