Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-mcvf-2q2m-x72m: Improper neutralization of data URIs may allow XSS in rails-html-sanitizer

Summary

rails-html-sanitizer >= 1.0.3, < 1.4.4 is vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0.

Mitigation

Upgrade to rails-html-sanitizer >= 1.4.4.

Severity

The maintainers have evaluated this as Medium Severity 6.1.

References

Credit

This vulnerability was independently reported by Maciej Piechota (@haqpl) and Mrinmoy Das (@goromlagche).

ghsa
#xss#vulnerability#web#mac#git

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer

Moderate severity GitHub Reviewed Published Dec 13, 2022 in rails/rails-html-sanitizer • Updated Dec 13, 2022

Related news

Red Hat Security Advisory 2023-2097-03

Red Hat Security Advisory 2023-2097-03 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, deserialization, improper neutralization, information leakage, and remote shell upload vulnerabilities.