| CVE-2018-3740 | medium | — | 5.5 | | | | 8y ago | A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. |
| CVE-2023-36823 | unknown | — | — | | | | 3y ago | Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to… |
| CVE-2023-23627 | unknown | — | — | | | | 3y ago | Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allow… |
| CVE-2020-4054 | unknown | — | — | | | | 6y ago | In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom… |