Vulmon
html sanitizer vulnerabilities and exploits
7.5
CVSSv3
CVE-2022-23517
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attribute...
Rubyonrails Rails Html Sanitizers
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2022-23519
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow a malicious user to inject content if the application developer has overr...
Rubyonrails Rails Html Sanitizers
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2022-32209
Possible XSS Vulnerability in Rails::Html::Sanitizer: There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions Affected: ALL. Not affected: NONE. Fixed Versions: v1.4.3 #...
Rubyonrails Rails Html Sanitizers
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2021-32858
esdoc-publish-html-plugin is a plugin for the document maintenance software ESDoc. The HTML sanitizer in esdoc-publish-html-plugin 1.1.2 and prior can be bypassed, which may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.
Esdoc Esdoc-publish-html-plugin
6.1
CVSSv3
CVE-2022-23518
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
Rubyonrails Rails Html Sanitizers
Debian Debian Linux 10.0
Loofah Project Loofah
6.1
CVSSv3
CVE-2015-8510
Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS prior to 2.5 allows user-assisted remote malicious users to inject arbitrary web script or HTML via a crafted web site that is mishandled during "...
Mozilla Firefox Os
NA
CVE-2024-34078
html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typographic_whitespace=False` (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape saniti...
7.3
CVSSv3
CVE-2020-4054
In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or sv...
Sanitize Project Sanitize
6.1
CVSSv3
CVE-2021-23974
The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86.
Mozilla Firefox
NA
CVE-2008-5647
Unspecified vulnerability in the HTML sanitizer filter in Trac prior to 0.11.2 allows malicious users to conduct phishing attacks via unknown attack vectors.
Trac Trac 0.10.3.1
Trac Trac 0.10.3
Trac Trac 0.5.1
Trac Trac 0.8.3
Trac Trac 0.6
Trac Trac 0.6.1
Trac Trac 0.9.4
Trac Trac 0.9
Trac Trac
Trac Trac 0.10
Trac Trac 0.8.4
Trac Trac 0.7
Trac Trac 0.9.1
Trac Trac 0.9.6
Trac Trac 0.10.4
Trac Trac 0.10.5
Trac Trac 0.5.2
Trac Trac 0.5
Trac Trac 0.8.1
Trac Trac 0.8.2
Trac Trac 0.9.2
Trac Trac 0.9.5