Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
html sanitizer vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-23519
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an malicious user to inject content if the application developer has overr...
Rubyonrails Rails Html Sanitizers
Debian Debian Linux 10.0
NA
CVE-2022-23520
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allo...
Rubyonrails Rails Html Sanitizers
Debian Debian Linux 10.0
2 Github repositories
384
VMScore
CVE-2022-32209
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3#...
Rubyonrails Rails Html Sanitizers
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 10.0
NA
CVE-2021-32858
esdoc-publish-html-plugin is a plugin for the document maintenance software ESDoc. TheHTML sanitizer in esdoc-publish-html-plugin 1.1.2 and prior can be bypassed which may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.
Esdoc Esdoc-publish-html-plugin
NA
CVE-2022-23518
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
Rubyonrails Rails Html Sanitizers
Debian Debian Linux 10.0
Loofah Project Loofah
383
VMScore
CVE-2015-8510
Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS prior to 2.5 allows user-assisted remote malicious users to inject arbitrary web script or HTML via a crafted web site that is mishandled during "...
Mozilla Firefox Os
NA
CVE-2024-34078
html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typographic_whitespace=False` (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape saniti...
605
VMScore
CVE-2020-4054
In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or sv...
Sanitize Project Sanitize
383
VMScore
CVE-2021-23974
The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86.
Mozilla Firefox
445
VMScore
CVE-2008-5647
Unspecified vulnerability in the HTML sanitizer filter in Trac prior to 0.11.2 allows malicious users to conduct phishing attacks via unknown attack vectors.
Trac Trac 0.10.3.1
Trac Trac 0.10.3
Trac Trac 0.5.1
Trac Trac 0.8.3
Trac Trac 0.6
Trac Trac 0.6.1
Trac Trac 0.9.4
Trac Trac 0.9
Trac Trac
Trac Trac 0.10
Trac Trac 0.8.4
Trac Trac 0.7
Trac Trac 0.9.1
Trac Trac 0.9.6
Trac Trac 0.10.4
Trac Trac 0.10.5
Trac Trac 0.5.2
Trac Trac 0.5
Trac Trac 0.8.1
Trac Trac 0.8.2
Trac Trac 0.9.2
Trac Trac 0.9.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »