Lucene search

9 matches found

OSV
added 2024/12/02 9:48 p.m., 14 views

GHSA-W8GC-X259-RC7X rails-html-sanitizer has XSS vulnerability with certain configurations

Summary: There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0 and Nokogiri = 1.16.8. Impact: A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5...

CVSS 2.3, AI score 4.9, EPSS 0.00581
Exploits 0, References 6
OSV
added 2017/10/24 6:33 p.m., 39 views

GHSA-J838-VFPQ-FMF2 actionpack Cross-site Scripting vulnerability

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded ':' (colon) characters in URLs, which makes it easier for remote...

CVSS 4.3, AI score 6.8, EPSS 0.01868
Exploits 0, References 12
Github Security Blog
added 2017/10/24 6:33 p.m., 38 views

actionpack Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML...

CVSS 4.3, AI score 5.2, EPSS 0.01977
Exploits 1, References 7, Affected Software 1
Github Security Blog
added 2017/10/24 6:33 p.m., 42 views

actionpack Cross-site Scripting vulnerability

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded ':' (colon) characters in URLs, which makes it easier for remote...

CVSS 4.3, AI score 3.3, EPSS 0.01868
Exploits 0, References 12, Affected Software 1
Prion
added 2013/03/19 10:55 p.m., 29 views

Cross site scripting

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded ':' (colon) characters in URLs, which makes it easier for remote...

CVSS 4.3, AI score 5.8, EPSS 0.01868
Exploits 0, References 10, Affected Software 3
GitLab Advisory Database
added 2013/03/19 12:00 a.m., 34 views

XSS Vulnerability in the `sanitize` helper

The sanitize helper in Ruby on Rails is designed to filter HTML and remove all tags and attributes which could be malicious...

CVSS 4.3, AI score 0.8, EPSS 0.01868
Exploits 0, References 1, Affected Software 1
RubySec
added 2013/03/19 12:00 a.m., 34 views

CVE-2013-1857 rubygem-actionpack: sanitize_protocol: XSS Vulnerability in the helper of Ruby on Rails

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded ':' (colon) characters in URLs, which makes it easier for remote...

CVSS 4.3, AI score 5, EPSS 0.01868
Exploits 0, References 1, Affected Software 1
FreeBSD
added 2013/03/18 12:00 a.m., 45 views

rubygem-rails -- multiple vulnerabilities

Ruby on Rails team reports: Rails version 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible. Four vulnerabilities have been discovered and fixed: CVE-2013-1854 Symbol DoS vulnerability in Active Record, CVE-2013-1855 XSS...

CVSS 5.8, AI score 6.3, EPSS 0.03438
Exploits 2, References 5
OSV
added 2012/08/10 10:34 a.m., 2 views

DEBIAN-CVE-2012-3465

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup...

CVSS 4.3, AI score 6, EPSS 0.01977
Exploits 1, References 1