CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-0174

Malware in sbrugna...

7.5CVSS7.6AI score0.00263EPSS

Exploits0References12

SUSE CVE•added 2023/02/15 4:33 a.m.•1 views

SUSE CVE-2018-3740

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element...

7.5CVSS9.1AI score0.00263EPSS

Exploits0References3

OSV•added 2020/06/16 10:15 p.m.•1 views

DEBIAN-CVE-2020-4054

In Sanitize RubyGem sanitize greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized...

7.3CVSS6.8AI score0.00484EPSS

Exploits0References1

FreeBSD•added 2018/06/25 12:0 a.m.•25 views

Gitlab -- multiple vulnerabilities

Gitlab reports: Wiki XSS Sanitize gem updates XSS in urlforparams Content injection via username Activity feed publicly displaying internal project names Persistent XSS in charts...

7.5CVSS3.2AI score0.00263EPSS

Exploits3References1

NVD•added 2018/03/30 7:29 p.m.•18 views

CVE-2018-3740

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element...

7.5CVSS7.3AI score0.00263EPSS

Exploits0References4

OSV•added 2018/03/30 7:29 p.m.•0 views

UBUNTU-CVE-2018-3740

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element...

7.5CVSS7.1AI score0.00263EPSS

Exploits0References4

Prion•added 2018/03/30 7:29 p.m.•18 views

Hardcoded credentials

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element...

5CVSS7.3AI score0.00263EPSS

Exploits0References4Affected Software1

UbuntuCve•added 2018/03/30 7:29 p.m.•19 views

CVE-2018-3740

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element...

7.5CVSS7.1AI score0.00263EPSS

Exploits0References3

OSV•added 2018/03/30 7:29 p.m.•22 views

CVE-2018-3740

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element...

7.5CVSS7.6AI score

Exploits0References4

Cvelist•added 2018/03/30 7:0 p.m.•24 views

CVE-2018-3740

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element...

6.6AI score0.00263EPSS

Exploits0References4

CVE•added 2018/03/30 7:0 p.m.•86 views

CVE-2018-3740

CVE-2018-3740 affects the ruby-sanitize (Sanitize gem for Ruby) whitelist-based HTML sanitizer. A specially crafted HTML fragment can cause non-whitelisted attributes to be applied to whitelisted elements, enabling HTML injection-like behavior. Debian’s DSA-4358-1 fixes the issue in ruby-sanitize...

7.5CVSS6.4AI score0.00263EPSS

Exploits0References4Affected Software1

Debian CVE•added 2018/03/30 7:0 p.m.•24 views

CVE-2018-3740

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element...

7.5CVSS7.5AI score0.00263EPSS

Exploits0

RubySec•added 2018/03/29 12:0 a.m.•46 views

Revert libxml2 behavior in Nokogiri gem that could cause XSS

MRI Behavior in libxml2 has been reverted which caused CVE-2018-8048 loofah gem, CVE-2018-3740 sanitize gem, and CVE-2018-3741 rails-html-sanitizer gem. The commit in question is here: https://github.com/GNOME/libxml2/commit/960f0e2 and more information is available about this commit and its impa...

6.1CVSS0.7AI score0.00689EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by