CVE-2019-15587

Published: 22/10/2019 Updated: 07/11/2023
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

Vulnerable Product

loofah project loofah

fedoraproject fedora 30

fedoraproject fedora 31

canonical ubuntu linux 16.04

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #942894 CVE-2019-15587 Package: ruby-loofah; Maintainer for ruby-loofah is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Source for ruby-loofah is src:ruby-loofah. Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Tue, 22 Oct 2 ...

It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, was susceptible to cross-site scripting. For the oldstable distribution (stretch), this problem has been fixed in version 2.0.3-2+deb9u3. For the stable distribution (buster), this problem has been fixed in version 2.2.3-1+deb10 ...

Mailing Lists

oss-sec mailing list archives

Re: [CVE-2019-15587] Loofah XSS Vulnerability

From: Mike Dalessio <m ...