6.1
CVSSv3

CVE-2022-23515

Published: 14/12/2022 Updated: 01/02/2024
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1.

Vulnerable Product

loofah project loofah

debian debian linux 10.0

Vendor Advisories

Synopsis: Important: Satellite 613 Release. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Satellite 613. The release contains a new version of Satellite and important security fixes ...
Debian Bug report logs - #1026083. Security: XSS bug in Loofah. Package: ruby-loofah; Maintainer for ruby-loofah is Debian Ruby Team <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Source for ruby-loofah is src:ruby-loofah. Affects: ruby-loofah/222-1~bpo9+1, ruby-loofah/240+dfsg-1~bpo10+1, ruby-loofah ...
Description: A cross-site scripting vulnerability was found in rubygem loofah. While neutralizing certain data URIs, loofah is susceptible to cross-site scripting attacks ...