Skip to main content

Sanitize

4 CVEs product

Monthly

CVE-2023-36823 Ruby MEDIUM PATCH This Month

Sanitize is an allowlist-based HTML and CSS sanitizer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sanitize Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-23627 Ruby MEDIUM PATCH This Month

Sanitize is an allowlist-based HTML and CSS sanitizer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sanitize
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2020-4054 Ruby HIGH PATCH This Week

In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sanitize
NVD GitHub
CVSS 3.1
7.3
EPSS
1.9%
CVE-2018-3740 Ruby HIGH PATCH This Week

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sanitize
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Sanitize is an allowlist-based HTML and CSS sanitizer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sanitize Debian Linux
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Sanitize is an allowlist-based HTML and CSS sanitizer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sanitize
NVD GitHub
EPSS 2% CVSS 7.3
HIGH PATCH This Week

In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sanitize
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sanitize
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy