Download
| Alert*
oval:org.secpod.oval:def:603599
ruby-sanitize is installed oval:org.secpod.oval:def:603596 The Shopify Application Security Team discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to a HTML injection vulnerability. A specially crafted HTML fragment can cause to allow non- whitelisted attributes to be used on a whitelisted HTML element. oval:org.secpod.oval:def:53483 The Shopify Application Security Team discovered that ruby-sanitize, a whitelist-based HTML sanitizer, is prone to a HTML injection vulnerability. A specially crafted HTML fragment can cause to allow non- whitelisted attributes to be used on a whitelisted HTML element. oval:org.secpod.oval:def:98513 It was discovered that ruby-sanitize, a whitelist-based HTML sanitizer, insufficiently sanitised <style> elements, which may result in cross-site scripting. |