
Haqpl

Rank: #20487 of 53,624 · Total CVSS: 12.5 · Vulnerabilities: 2 (Medium: 2)
PT-2022-16045 · Score 6.1 · 2022-12-13
Loofah · Loofah · CVE-2022-23515

**Name of the Vulnerable Software and Affected Versions** Loofah versions 2.1.0 through 2.19.0.

**Description** A cross-site scripting vulnerability in Loofah's handling of `data:` URIs: the sanitizer accepts the `image/svg+xml` media type in data URIs, so attacker-controlled SVG content can pass through an allow-list scrub. Loofah is a library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri.

**Recommendations** For Loofah versions 2.1.0 through 2.19.0, upgrade to version 2.19.1, which removes `image/svg+xml` from the accepted data URI media types. Until the upgrade is applied, a temporary workaround is to reject or strip attribute values that are `data:` URIs with the `image/svg+xml` media type (for example in a post-sanitization check over `src`/`href`-style attributes), rather than relying on the default allow-list.
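The workaround above amounts to refusing `data:` URIs whose media type is not on a short allow-list that excludes `image/svg+xml`. The following is an added example written for this page, not Loofah's own code or its fix: a small RFC 2397 media-type extractor plus a default-deny check that an application can run over URI-valued attributes after sanitization. The allow-list contents, the function names and the sample attribute values are assumptions constructed for the example.

```ruby
# Added example (not Loofah's code): a default-deny media-type check for
# data: URIs, mirroring the CVE-2022-23515 mitigation of refusing
# image/svg+xml. Assumed allow-list: only plain text, CSS and raster images.
SAFE_DATA_MEDIATYPES = %w[
  text/plain text/css image/png image/gif image/jpeg image/webp
].freeze
# image/svg+xml is deliberately absent from the list above.

# Returns the media type of a data: URI (RFC 2397 form
# "data:[<mediatype>][;base64],<data>"), or nil if the value is not a
# well-formed data: URI. An omitted media type defaults to text/plain.
def data_uri_mediatype(value)
  s = value.to_s.strip
  return nil unless s[0, 5].casecmp?("data:")
  head, payload = s[5..].split(",", 2)
  return nil if payload.nil?                 # no comma: not a data: URI
  mediatype = head.to_s.split(";").first.to_s.strip.downcase
  mediatype.empty? ? "text/plain" : mediatype
end

# True only for well-formed data: URIs whose media type is allow-listed.
# Anything unparseable or unrecognised is rejected (default deny).
def data_uri_allowed?(value)
  mediatype = data_uri_mediatype(value)
  !mediatype.nil? && SAFE_DATA_MEDIATYPES.include?(mediatype)
end

# Post-sanitization filter for a URI-valued attribute: non-data: schemes are
# passed through untouched (the protocol allow-list is a separate concern);
# disallowed data: URIs are dropped by returning nil.
def scrub_uri_attribute(value)
  return value unless value.to_s.strip[0, 5].casecmp?("data:")
  data_uri_allowed?(value) ? value : nil
end

# Constructed sample attribute values (not taken from any real page).
SAMPLE_ATTRIBUTE_VALUES = [
  "data:image/png;base64,iVBORw0KGgo=",        # allowed raster image
  "data:image/svg+xml;base64,PHN2Zy8+",        # SVG: rejected
  "DATA:Image/SVG+XML;charset=utf-8,<svg/>",   # case and parameters do not help
  "data:,hello",                               # empty media type => text/plain
  "data:image/png",                            # malformed: no comma
  "https://example.com/a.png",                 # not a data: URI, passed through
].freeze

# Maps each sample value to what the filter keeps (nil = dropped).
def filter_samples
  SAMPLE_ATTRIBUTE_VALUES.map { |v| [v, scrub_uri_attribute(v)] }.to_h
end

if $PROGRAM_NAME == __FILE__
  filter_samples.each { |v, kept| puts "#{kept ? 'keep' : 'DROP'}  #{v}" }
end
```

Because the check is allow-list based, odd spellings of the media type (case changes, extra parameters, a missing comma) fall through to rejection instead of being reasoned about individually.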
PT-2022-7454 · Score 6.4 · 2022-12-13
Ruby · Loofah · CVE-2022-23518

**Name of the Vulnerable Software and Affected Versions** rails-html-sanitizer versions 1.0.3 through 1.4.3.

**Description** The issue concerns the sanitization of HTML fragments in Rails applications by rails-html-sanitizer when it is used in combination with Loofah version 2.1.0 or later. Because those Loofah versions accept `data:` URIs with the `image/svg+xml` media type, a remote attacker can conduct cross-site scripting attacks via data URIs in content that rails-html-sanitizer is expected to have cleaned.

**Recommendations** Upgrade to rails-html-sanitizer version 1.4.4 or later. As a temporary workaround, pin Loofah to a version below 2.1.0 until the upgrade is applied. Check the installed rails-html-sanitizer's own Loofah dependency constraint before relying on this: the later affected releases require a Loofah newer than 2.1.0, so in practice upgrading is the fix.
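Both entries reduce to version checks on a Rails application's lockfile, with the second one conditional on the Loofah version as well. The script below is an added example written for this page, not tooling from either project: it parses the `specs:` section of a Bundler `Gemfile.lock` and reports which of the two advisories above apply, using only the Ruby standard library (`Gem::Version` and `Gem::Requirement`). The lockfile excerpt is constructed, and the helper names are assumptions; the version ranges are the ones stated in the two entries above.

```ruby
# Added example (not part of the dbugs page, Loofah or rails-html-sanitizer):
# audit a Gemfile.lock against CVE-2022-23515 and CVE-2022-23518.
require "rubygems"

# Constructed lockfile excerpt in the format Bundler writes:
# 4-space indent = a locked spec, 6-space indent = that spec's dependencies.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      crass (1.0.6)
      loofah (2.19.0)
        crass (~> 1.0.2)
        nokogiri (>= 1.5.9)
      nokogiri (1.13.10)
      rails-html-sanitizer (1.4.3)
        loofah (>= 2.3.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    rails-html-sanitizer
LOCK

# Version ranges as given in the two advisory entries above.
ADVISORIES = [
  { cve: "CVE-2022-23515", gem: "loofah",
    affected: Gem::Requirement.new(">= 2.1.0", "< 2.19.1"), fixed_in: "2.19.1" },
  { cve: "CVE-2022-23518", gem: "rails-html-sanitizer",
    affected: Gem::Requirement.new(">= 1.0.3", "< 1.4.4"), fixed_in: "1.4.4",
    # Only reachable when the app also resolves Loofah >= 2.1.0.
    requires: { "loofah" => Gem::Requirement.new(">= 2.1.0") } },
].freeze

# Returns { gem_name => Gem::Version } for every locked spec in the lockfile.
# Only the "specs:" block is read; a platform suffix such as
# "1.13.10-x86_64-linux" is trimmed to the bare version.
def locked_gems(lock_text)
  gems = {}
  in_specs = false
  lock_text.each_line do |raw|
    line = raw.chomp
    if line.match?(/\A\s*specs:\s*\z/)
      in_specs = true
      next
    end
    in_specs = false if line.match?(/\A\S/)   # next top-level section
    next unless in_specs
    m = line.match(/\A {4}(\S+) \(([^)\s]+)\)\z/)
    next unless m
    gems[m[1]] = Gem::Version.new(m[2].split("-").first)
  end
  gems
end

# Returns one finding per advisory whose affected range (and any companion
# gem condition) is satisfied by the locked versions.
def audit_lockfile(lock_text)
  gems = locked_gems(lock_text)
  ADVISORIES.select do |adv|
    version = gems[adv[:gem]]
    next false unless version && adv[:affected].satisfied_by?(version)
    (adv[:requires] || {}).all? do |dep, req|
      gems[dep] && req.satisfied_by?(gems[dep])
    end
  end.map do |adv|
    { cve: adv[:cve], gem: adv[:gem],
      version: gems[adv[:gem]].to_s, fixed_in: adv[:fixed_in] }
  end
end

if $PROGRAM_NAME == __FILE__
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  findings = audit_lockfile(text)
  puts "no findings" if findings.empty?
  findings.each do |f|
    puts "#{f[:cve]}: #{f[:gem]} #{f[:version]} (fixed in #{f[:fixed_in]})"
  end
end
```

Run it with a path to a real `Gemfile.lock` to audit that project; without an argument it reports on the constructed excerpt, where both advisories fire. The companion-gem condition is what distinguishes CVE-2022-23518 from a plain version check: rails-html-sanitizer 1.4.3 alone is not enough, the resolved Loofah has to be 2.1.0 or later too.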