Lucene search
Veracode Vulnerability DatabaseVERACODE:38477HistoryDec 14, 2022 - 1:27 p.m.
Cross-site Scripting (XSS)
2022-12-1413:27:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
19
cross-site scripting
vulnerability
rails-html-sanitizer
scrub_attribute function
scrubbers.rb
data uris
loofah
EPSS
0.001
Percentile
46.6%
rails-html-sanitizer is vulnerable to cross site scripting. The vulnerability exists in the scrub_attribute function of scrubbers.rb when the data URIs are used in combination with loofah.
References
github.com/advisories/GHSA-mcvf-2q2m-x72m
github.com/rails/rails-html-sanitizer/commit/297161e29a3e11186ce4c02bf7defc088bf544d4
github.com/rails/rails-html-sanitizer/issues/135
github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m
hackerone.com/reports/1694173
lists.debian.org/debian-lts-announce/2023/09/msg00012.html
Related
redhatcve
redhatcve
CVE-2022-23518
2022-12-15 10:00:06
osv
osv
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
2022-12-13 17:45:39
CVE-2022-23518
2022-12-14 17:15:10
ruby-rails-html-sanitizer - security update
2023-09-13 00:00:00
cve
cve
CVE-2022-23518
2022-12-14 17:15:10
nvd
nvd
CVE-2022-23518
2022-12-14 17:15:10
debiancve
debiancve
CVE-2022-23518
2022-12-14 17:15:10
prion
prion
Cross site scripting
2022-12-14 17:15:00
cvelist
cvelist
ubuntucve
ubuntucve
CVE-2022-23518
2022-12-14 00:00:00
rubygems
rubygems
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
2022-12-12 21:00:00
github
github
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
2022-12-13 17:45:39
hackerone
hackerone
openvas
openvas
Fedora: Security Advisory (FEDORA-2023-91e69ea326)
2024-09-10 00:00:00
openSUSE: Security Advisory for rubygem (SUSE-SU-2023:3714-1)
2024-03-04 00:00:00
Debian: Security Advisory (DLA-3566-1)
2023-09-14 00:00:00
redos
redos
ROS-20240815-13
2024-08-15 00:00:00
nessus
nessus
Fedora 40 : rubygem-rails-html-sanitizer (2023-91e69ea326)
2024-04-29 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : rubygem-rails-html-sanitizer (SUSE-SU-2023:3714-1)
2023-09-21 00:00:00
Debian DLA-3566-1 : ruby-rails-html-sanitizer - LTS security update
2023-09-14 00:00:00
debian
debian
[SECURITY] [DLA 3566-1] ruby-rails-html-sanitizer security update
2023-09-13 15:09:12
rocky
rocky
Satellite 6.13 Release
2023-05-05 15:39:58
redhat
redhat
(RHSA-2023:2097) Important: Satellite 6.13 Release
2023-05-03 13:09:51