CVE-2018-3741
- EPSS 0.4%
- Veröffentlicht 30.03.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 04:05:59
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes ca...
CVE-2015-7579
- EPSS 0.38%
- Veröffentlicht 16.02.2016 02:59:03
- Zuletzt bearbeitet 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer clas...
CVE-2015-7580
- EPSS 0.45%
- Veröffentlicht 16.02.2016 02:59:03
- Zuletzt bearbeitet 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.
CVE-2015-7578
- EPSS 0.38%
- Veröffentlicht 16.02.2016 02:59:02
- Zuletzt bearbeitet 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.