Moderate severity vulnerability that affects rails-html-sanitizer
Moderate severity
GitHub Reviewed
Published
Sep 17, 2018
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Withdrawn
This advisory was withdrawn on Jun 16, 2020
Description
Published to the GitHub Advisory Database
Sep 17, 2018
Reviewed
Jun 16, 2020
Withdrawn
Jun 16, 2020
Last updated
Jan 9, 2023
Withdrawn, accidental duplicate publish.
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.
References