Lucene search
Veracode Vulnerability DatabaseVERACODE:21762HistoryOct 23, 2019 - 1:29 a.m.
Cross-Site Scripting (XSS)
2019-10-2301:29:30
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
0.003 Low
EPSS
Percentile
71.1%
loofah is vulnerable to cross-site scripting (XSS). Unsanitized JavaScript may occur in sanitized output when a malicious SVG element is republished, allowing a remote attacker to inject and execute arbitrary Javascript onto a victim’s browser.
| CPE | Name | Operator | Version |
|---|---|---|---|
| loofah | le | 2.3.0 | |
| ruby-loofah:xenial | eq | 2.0.3 | |
| loofah | le | 2.3.0 | |
| ruby-loofah:xenial | eq | 2.0.3 |
References
bugzilla.suse.com/show_bug.cgi?id=1154751
github.com/flavorjones/loofah/issues/171
hackerone.com/reports/709009
lists.fedoraproject.org/archives/list/[email protected]/message/4WK2UG7ORKRQOJ6E4XJ2NVIHYJES6BYZ/
lists.fedoraproject.org/archives/list/[email protected]/message/XMCWPLYPNIWYAY443IZZJ4IHBBLIHBP5/
security.netapp.com/advisory/ntap-20191122-0003/
usn.ubuntu.com/4498-1/
www.debian.org/security/2019/dsa-4554
Related
nessus
nessus
Ubuntu 16.04 LTS : Loofah vulnerability (USN-4498-1)
2020-09-15 00:00:00
SUSE SLES15 Security Update : rubygem-loofah (SUSE-SU-2022:3868-1)
2022-11-05 00:00:00
Fedora 31 : rubygem-loofah (2020-03c0964b6a)
2020-03-02 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4498-1)
2020-09-16 00:00:00
Debian: Security Advisory (DSA-4554-1)
2019-10-30 00:00:00
Fedora: Security Advisory for rubygem-loofah (FEDORA-2020-03c0964b6a)
2020-03-01 00:00:00
github
github
Loofah Allows Cross-site Scripting
2019-11-05 23:58:25
redhatcve
redhatcve
CVE-2019-15587
2019-11-19 14:37:50
osv
osv
Loofah Allows Cross-site Scripting
2019-11-05 23:58:25
CVE-2019-15587
2019-10-22 21:15:10
ruby-loofah - security update
2019-10-28 00:00:00
nvd
nvd
CVE-2019-15587
2019-10-22 21:15:10
cve
cve
CVE-2019-15587
2019-10-22 21:15:10
debiancve
debiancve
CVE-2019-15587
2019-10-22 21:15:10
cloudfoundry
cloudfoundry
CVE-2019-15587: CAPI contains a vulnerable Loofah gem | Cloud Foundry
2019-11-12 00:00:00
freebsd
freebsd
Loofah -- XSS vulnerability
2019-10-22 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: rubygem-loofah-2.2.3-4.fc31
2020-02-29 22:32:12
[SECURITY] Fedora 30 Update: rubygem-loofah-2.2.3-4.fc30
2020-02-29 22:46:15
ubuntucve
ubuntucve
CVE-2019-15587
2019-10-22 00:00:00
prion
prion
Code injection
2019-10-22 21:15:00
debian
debian
[SECURITY] [DSA 4554-1] ruby-loofah security update
2019-10-28 21:39:58
suse
suse
Security update for rubygem-loofah (moderate)
2022-11-04 00:00:00
ubuntu
ubuntu
Loofah vulnerability
2020-09-15 00:00:00
cvelist
cvelist
CVE-2019-15587
2019-10-22 20:07:47
ibm
ibm
rosalinux
rosalinux
Advisory ROSA-SA-2021-1966
2021-07-02 18:06:34