Lucene search
Veracode Vulnerability DatabaseVERACODE:39086HistoryFeb 02, 2023 - 8:15 a.m.
Cross-Site Scripting (XSS)
2023-02-0208:15:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
cross-site scripting
sanitization vulnerability
html injection
allowlist configuration
0.001 Low
EPSS
Percentile
27.1%
sanitize is vulnerable to Cross-Site Scripting (XSS). An attacker is able to inject and execute arbitrary HTML on victim’s browser due to improper sanitization when the library is configured with a custom allowlist that allows noscript elements.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sanitize | le | 6.0.0 | |
| sanitize | le | 6.0.0 | |
| ruby-sanitize:sid | eq | 4.6.6-2.1 | |
| ruby-sanitize:sid | eq | 5.2.1-2 | |
| ruby-sanitize:bookworm | eq | 5.2.1-2 |
Related
prion
prion
Cross site scripting
2023-01-28 00:15:00
nvd
nvd
CVE-2023-23627
2023-01-28 00:15:09
osv
osv
CVE-2023-23627
2023-01-28 00:15:09
ruby-sanitize vulnerabilities
2024-04-24 05:23:38
debiancve
debiancve
CVE-2023-23627
2023-01-28 00:15:09
ubuntucve
ubuntucve
CVE-2023-23627
2023-01-28 00:00:00
github
github
cvelist
cvelist
cve
cve
CVE-2023-23627
2023-01-28 00:15:09
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Sanitize vulnerabilities (USN-6748-1)
2024-04-24 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6748-1)
2024-04-25 00:00:00
ubuntu
ubuntu
Sanitize vulnerabilities
2024-04-24 00:00:00