FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rails-html-sanitizer -- possible XSS vulnerability

Affected packages
rubygem-rails-html-sanitizer < 1.0.4

Details

VuXML ID 81946ace-6961-4488-a164-22d58ebc8d66
Discovery 2018-03-22
Entry 2018-03-24

OSS-Security list:

There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications.

This issue is similar to CVE-2018-8048 in Loofah.

[source]

References

CVE Name CVE-2018-3741
URL http://www.openwall.com/lists/oss-security/2018/03/22/4

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.