You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description: Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes. Discovery Date: 2019-08-08 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Description: Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class. Discovery Date: 2019-08-08 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Description: Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node. Discovery Date: 2019-08-08 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Description: There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately. Discovery Date: 2018-04-23 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVE-2015-7578
Description: Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.
Discovery Date: 2019-08-08
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Score: 4.3
Exploitability score: 8.6Impact score: 2.9
Vendors
References
CVE-2015-7579
Description: Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.
Discovery Date: 2019-08-08
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Score: 4.3
Exploitability score: 8.6Impact score: 2.9
Vendors
References
CVE-2015-7580
Description: Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.
Discovery Date: 2019-08-08
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Score: 4.3
Exploitability score: 8.6Impact score: 2.9
Vendors
References
CVE-2018-3741
Description: There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.
Discovery Date: 2018-04-23
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Score: 4.3
Exploitability score: 8.6Impact score: 2.9
Vendors
References
The text was updated successfully, but these errors were encountered: