Lucene search
GoogleOSV:GHSA-PX3R-JM9G-C8W8HistoryApr 26, 2018 - 3:41 p.m.
rails-html-sanitizer Cross-site Scripting vulnerability
2018-04-2615:41:10
Google
osv.dev
12
0.002 Low
EPSS
Percentile
59.1%
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.
| CPE | Name | Operator | Version |
|---|---|---|---|
| rails-html-sanitizer | eq | 1.0.2 | |
| rails-html-sanitizer | eq | 1.0.3 | |
| rails-html-sanitizer | eq | 1.0.0 | |
| rails-html-sanitizer | eq | 1.0.1 |
Related
github
github
rails-html-sanitizer Cross-site Scripting vulnerability
2018-04-26 15:41:10
Cross-site Scripting in loofah
2018-03-21 11:57:11
nessus
nessus
FreeBSD : rails-html-sanitizer -- possible XSS vulnerability (81946ace-6961-4488-a164-22d58ebc8d66)
2018-03-27 00:00:00
FreeBSD : Loofah -- XSS vulnerability (ba6d0c9b-f5f6-4b9b-a6de-3cce93c83220)
2018-03-21 00:00:00
Debian DSA-4171-1 : ruby-loofah - security update
2018-04-16 00:00:00
cve
cve
CVE-2018-3741
2018-03-30 19:29:00
CVE-2018-8048
2018-03-27 17:29:00
debiancve
debiancve
CVE-2018-3741
2018-03-30 19:29:00
CVE-2018-8048
2018-03-27 17:29:00
hackerone
hackerone
Ruby on Rails: XSS vulnerability in sanitize-method when parsing link's href
2018-03-21 14:57:43
freebsd
freebsd
rails-html-sanitizer -- possible XSS vulnerability
2018-03-22 00:00:00
Loofah -- XSS vulnerability
2018-03-15 00:00:00
ubuntucve
ubuntucve
CVE-2018-3741
2018-03-30 00:00:00
CVE-2018-8048
2018-03-27 00:00:00
prion
prion
Design/Logic Flaw
2018-03-30 19:29:00
Hardcoded credentials
2018-03-27 17:29:00
osv
osv
CVE-2018-3741
2018-03-30 19:29:00
Cross-site Scripting in loofah
2018-03-21 11:57:11
ruby-loofah - security update
2018-04-13 00:00:00
nvd
nvd
CVE-2018-3741
2018-03-30 19:29:00
CVE-2018-8048
2018-03-27 17:29:00
redhatcve
redhatcve
CVE-2018-3741
2018-04-18 10:49:01
CVE-2018-8048
2020-04-06 17:05:35
cvelist
cvelist
CVE-2018-3741
2018-03-30 19:00:00
CVE-2018-8048
2018-03-27 17:00:00
rubygems
rubygems
Revert libxml2 behavior in Nokogiri gem that could cause XSS
2018-03-28 21:00:00
XSS vulnerability in rails-html-sanitizer
2018-03-21 21:00:00
redhat
redhat
veracode
veracode
Cross-site Scripting (XSS)
2018-03-23 02:20:59
Cross-site Scripting (XSS)
2018-03-20 05:38:48
openvas
openvas
Debian: Security Advisory (DSA-4171-1)
2018-04-12 00:00:00
debian
debian
[SECURITY] [DSA 4171-1] ruby-loofah security update
2018-04-13 19:12:19
[SECURITY] [DSA 4171-1] ruby-loofah security update
2018-04-13 19:12:19
rosalinux
rosalinux
Advisory ROSA-SA-2021-1966
2021-07-02 18:06:34
kitploit
kitploit