oval:org.secpod.oval:def:604924
Michal Bentkowski discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to an HTML sanitization bypass vulnerability when using the "relaxed" or a custom config allowing certain elements. Content in a <math> or <svg> element may not be sanitized correctly eve ...

oval:org.secpod.oval:def:67135
ruby-sanitize: allowlist-based HTML and CSS sanitizer. Sanitize could be made to perform XSS attacks if it received specially crafted input.

oval:org.secpod.oval:def:705659
ruby-sanitize: allowlist-based HTML and CSS sanitizer. Sanitize could be made to perform XSS attacks if it received specially crafted input.

oval:org.secpod.oval:def:66720
Michal Bentkowski discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to an HTML sanitization bypass vulnerability when using the "relaxed" or a custom config allowing certain elements. Content in a <math> or <svg> element may not be sanitized correctly even if m ...