sanitize is vulnerable to Cross-Site Scripting (XSS). An attacker is able to inject and execute arbitrary HTML in the victim's browser due to improper sanitization when the library is configured with a custom allowlist that allows noscript elements.
Name | Operator | Version
---|---|---
sanitize | le | 6.0.0
ruby-sanitize:sid | eq | 4.6.6-2.1
ruby-sanitize:sid | eq | 5.2.1-2
ruby-sanitize:bookworm | eq | 5.2.1-2
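The following is an added defensive check, not code from the advisory or from the sanitize gem: it audits a Sanitize-style configuration hash (the `:elements` allowlist that `Sanitize.fragment` accepts) for the `noscript` entry the description names, removes it, and matches an installed version against the affected ranges in the table above. The `AFFECTED` table and `SAMPLE_CONFIG` are constructed from this page and are assumptions, not real application data.

```ruby
# Added defensive check; not part of the advisory or of the sanitize gem.
require "rubygems"

# Affected ranges transcribed from the advisory table: [operator, version].
# Debian package rows are keyed by package name without the suite suffix.
AFFECTED = {
  "sanitize"      => [["le", "6.0.0"]],
  "ruby-sanitize" => [["eq", "4.6.6-2.1"], ["eq", "5.2.1-2"]],
}.freeze

# True when `version` falls inside an affected range for `package`.
# "eq" rows (Debian revisions such as "5.2.1-2") are compared as exact
# strings; "le" rows use Gem::Version ordering.
def affected_version?(package, version)
  (AFFECTED[package] || []).any? do |op, bound|
    case op
    when "eq" then version == bound
    when "le" then Gem::Version.new(version) <= Gem::Version.new(bound)
    else false
    end
  end
end

# True when a custom allowlist permits <noscript>, which is the
# configuration the advisory describes. Sanitize takes element names as
# strings; symbols are tolerated here so the audit is forgiving.
def allows_noscript?(config)
  Array(config[:elements]).any? { |e| e.to_s.casecmp?("noscript") }
end

# Copy of the config with noscript dropped from the allowlist: the
# configuration-level mitigation while the gem is still in the affected range.
def harden(config)
  kept = Array(config[:elements]).reject { |e| e.to_s.casecmp?("noscript") }
  config.merge(elements: kept)
end

# Constructed sample config (hypothetical, not from any real application).
SAMPLE_CONFIG = {
  elements: %w[a p noscript b],
  attributes: { "a" => ["href"] },
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts "sanitize 6.0.0 affected: #{affected_version?('sanitize', '6.0.0')}"
  puts "sample allows noscript:  #{allows_noscript?(SAMPLE_CONFIG)}"
  puts "hardened elements:       #{harden(SAMPLE_CONFIG)[:elements].inspect}"
end
```

Run it against the `elements:` array you pass to `Sanitize.fragment` and against `Gem.loaded_specs["sanitize"].version.to_s` to confirm both the configuration and the installed version are outside the affected set.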