Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
html sanitizer vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-23519
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an malicious user to inject content if the application developer has overr...
Rubyonrails Rails Html Sanitizers
Debian Debian Linux 10.0
NA
CVE-2022-23520
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allo...
Rubyonrails Rails Html Sanitizers
Debian Debian Linux 10.0
2 Github repositories
4.3
CVSSv2
CVE-2022-32209
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3#...
Rubyonrails Rails Html Sanitizers
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 10.0
NA
CVE-2021-32858
esdoc-publish-html-plugin is a plugin for the document maintenance software ESDoc. TheHTML sanitizer in esdoc-publish-html-plugin 1.1.2 and prior can be bypassed which may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.
Esdoc Esdoc-publish-html-plugin
NA
CVE-2022-23518
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
Rubyonrails Rails Html Sanitizers
Debian Debian Linux 10.0
Loofah Project Loofah
4.3
CVSSv2
CVE-2015-8510
Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS prior to 2.5 allows user-assisted remote malicious users to inject arbitrary web script or HTML via a crafted web site that is mishandled during "...
Mozilla Firefox Os
6.8
CVSSv2
CVE-2020-4054
In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or sv...
Sanitize Project Sanitize
4.3
CVSSv2
CVE-2021-23974
The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86.
Mozilla Firefox
5
CVSSv2
CVE-2008-5647
Unspecified vulnerability in the HTML sanitizer filter in Trac prior to 0.11.2 allows malicious users to conduct phishing attacks via unknown attack vectors.
Trac Trac 0.10.3.1
Trac Trac 0.10.3
Trac Trac 0.5.1
Trac Trac 0.8.3
Trac Trac 0.6
Trac Trac 0.6.1
Trac Trac 0.9.4
Trac Trac 0.9
Trac Trac
Trac Trac 0.10
Trac Trac 0.8.4
Trac Trac 0.7
Trac Trac 0.9.1
Trac Trac 0.9.6
Trac Trac 0.10.4
Trac Trac 0.10.5
Trac Trac 0.5.2
Trac Trac 0.5
Trac Trac 0.8.1
Trac Trac 0.8.2
Trac Trac 0.9.2
Trac Trac 0.9.5
4.3
CVSSv2
CVE-2015-7579
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.
Rubyonrails Html Sanitizer
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975
CVE-2024-2961
CVE-2024-20380
XML injection
HTML injection
CVE-2024-29204
CVE-2023-51795
memory leak
CVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »