vulnerability
FreeBSD: VID-81946ACE-6961-4488-A164-22D58EBC8D66 (CVE-2018-3741): rails-html-sanitizer -- possible XSS vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Mar 22, 2018 | Mar 25, 2018 | May 7, 2019 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Mar 22, 2018
Added
Mar 25, 2018
Modified
May 7, 2019
Description
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications. This issue is similar to CVE-2018-8048 in Loofah. All users running an affected release should either upgrade or use one of the workarounds immediately.
Solution
freebsd-upgrade-package-rubygem-rails-html-sanitizer
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.