PT-2018-16163 · Ruby · Rails-Html-Sanitizer

Rafaelfranca

Publicado

2018-03-30

Atualizado

2026-03-13

CVE-2018-3741

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions rails-html-sanitizer gem versions prior to 1.0.4

Description The issue allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, potentially leading to an XSS attack on target applications.

Recommendations For versions prior to 1.0.4, upgrade to version 1.0.4 or later to resolve the issue. As a temporary workaround, consider using one of the provided workarounds until an upgrade is possible.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-3741

GHSA-PX3R-JM9G-C8W8

OPENSUSE-SU-2024:11349-1

OPENSUSE-SU-2024:12145-1

OPENSUSE-SU-2024:13137-1

OPENSUSE-SU-2024:14175-1

OPENSUSE-SU-2025:15125-1

OPENSUSE-SU-2026:10361-1

RHSA-2019:0212

SUSE-SU-2019:2182-1

Produtos afetados

Rails-Html-Sanitizer

PT-2018-16163 · Ruby · Rails-Html-Sanitizer

CVE-2018-3741

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 29