FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rails-html-sanitizer -- possible XSS vulnerability

Affected packages
rubygem-rails-html-sanitizer < 1.0.4


VuXML ID 81946ace-6961-4488-a164-22d58ebc8d66
Discovery 2018-03-22
Entry 2018-03-24

OSS-Security list:

There is a possible XSS vulnerability in rails-html-sanitizer. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications.

This issue is similar to CVE-2018-8048 in Loofah.


CVE Name CVE-2018-3741