Описание
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
- Permissions RequiredThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
- Permissions RequiredThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
EPSS
6.1 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
Связанные уязвимости
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...
Improper neutralization of data URIs may allow XSS in rails-html-sanitizer
Уязвимость реализации конфигурации инструмента очистки HTML для приложений Rails Rails Html Sanitizer, связанная с неправильной нейтрализацией входных данных во время генерации веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки
EPSS
6.1 Medium
CVSS3
6.1 Medium
CVSS3