Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails html sanitizer vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-23520
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allo...
Rubyonrails Rails Html Sanitizers
Debian Debian Linux 10.0
2 Github repositories
NA
CVE-2022-23517
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attribute...
Rubyonrails Rails Html Sanitizers
Debian Debian Linux 10.0
NA
CVE-2022-23518
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
Rubyonrails Rails Html Sanitizers
Debian Debian Linux 10.0
Loofah Project Loofah
NA
CVE-2022-23519
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an malicious user to inject content if the application developer has overr...
Rubyonrails Rails Html Sanitizers
Debian Debian Linux 10.0
384
VMScore
CVE-2022-32209
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3#...
Rubyonrails Rails Html Sanitizers
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 10.0
383
VMScore
CVE-2018-3741
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on tar...
Rubyonrails Html Sanitizer
1 Github repository
383
VMScore
CVE-2015-7578
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem prior to 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via crafted tag attributes.
Rubyonrails Html Sanitizer
383
VMScore
CVE-2015-7579
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.
Rubyonrails Html Sanitizer
383
VMScore
CVE-2015-7580
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem prior to 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via a crafted CDATA node.
Rubyonrails Html Sanitizer
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started