Описание
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1.
Ссылки
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Permissions RequiredThird Party Advisory
- Mailing ListThird Party Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
- Permissions RequiredThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
EPSS
6.1 Medium
CVSS3
Дефекты
Связанные уязвимости
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1.
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1.
Loofah is a general library for manipulating and transforming HTML/XML ...
Improper neutralization of data URIs may allow XSS in Loofah
EPSS
6.1 Medium
CVSS3