Moderate severity vulnerability that affects rails-html-sanitizer

Withdrawn, accidental duplicate publish.

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.

Published: Sep 17, 2018
Updated: Apr 14, 2023
GHSA: GHSA-mrhj-2g4v-39qx
Severity: Medium
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
rails-html-sanitizer	1.0.2	1.0.2.x
rails-html-sanitizer	1.0.2	1.0.3

No references available.

Vulnerability Database

290,020

Moderate severity vulnerability that affects rails-html-sanitizer