Skip to main content

Loofah

7 CVEs product

Monthly

CVE-2022-23518 Ruby MEDIUM POC PATCH This Month

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rails Html Sanitizers Debian Linux Loofah
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-23516 Ruby HIGH PATCH This Week

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Loofah
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-23515 Ruby MEDIUM PATCH This Month

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Loofah Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-23514 Ruby HIGH PATCH This Week

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Loofah
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-15587 Ruby MEDIUM PATCH This Month

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Loofah Fedora Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.6%
CVE-2018-16468 Ruby MEDIUM PATCH This Month

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Loofah Debian Linux
NVD GitHub
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-8048 Ruby MEDIUM PATCH This Month

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Debian Linux Loofah
NVD GitHub
CVSS 3.0
6.1
EPSS
2.0%
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rails Html Sanitizers Debian Linux +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Loofah
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Loofah Debian Linux
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Loofah
NVD GitHub
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Loofah Fedora +2
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Loofah Debian Linux
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Debian Linux Loofah
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy