Lucene search
K
Sanitize ProjectSanitize

4 matches found

CVE
CVE
added 2020/06/16 10:10 p.m.119 views

CVE-2020-4054

Summary of CVE-2020-4054 details from connected docs: The Ruby gem Sanitize (versions =3.0.0) had a cross-site scripting bypass when sanitizing HTML with the default or relaxed/custom configs that allowed elements such as iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, x...

7.3CVSS6.7AI score0.01853EPSS
CVE
CVE
added 2023/07/06 3:6 p.m.103 views

CVE-2023-36823

CVE-2023-36823 affects the Ruby sanitizer library (Sanitize). Older releases (3.0.0–6.0.1) could allow crafted HTML/CSS to bypass allowlisting when using the built-in relaxed config or a custom config permitting style elements and CSS at‑rules, enabling cross‑site scripting. Sanitize 6.0.2 fixes ...

7.1CVSS6.1AI score0.00712EPSS
CVE
CVE
added 2023/01/27 11:44 p.m.101 views

CVE-2023-23627

CVE-2023-23627 affects the Sanitize HTML/CSS sanitizer. Vulnerable when using a custom element allowlist that includes noscript, impacting Sanitize versions 5.0.0 up to but not including 6.0.1. In such configurations, arbitrary HTML could be introduced and rendered in browsers, enabling cross-sit...

6.1CVSS6.1AI score0.00525EPSS
CVE
CVE
added 2018/03/30 7:0 p.m.92 views

CVE-2018-3740

CVE-2018-3740 affects the ruby-sanitize (Sanitize gem for Ruby) whitelist-based HTML sanitizer. A specially crafted HTML fragment can cause non-whitelisted attributes to be applied to whitelisted elements, enabling HTML injection-like behavior. Debian’s DSA-4358-1 fixes the issue in ruby-sanitize...

7.5CVSS6.4AI score0.0152EPSS