So Sakaguchi

Name of the Vulnerable Software and Affected Versions: rails-html-sanitizer versions 1.6.0 Description: The issue is related to a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer when used with Rails >= 7.1.0. This vulnerability may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags for the "noscript" element. Recommendations: For rails-html-sanitizer version 1.6.0, upgrade to version 1.6.1 to fix the vulnerability. As a temporary workaround, consider removing "noscript" from the overridden allowed tags or downgrading sanitization to HTML4.

Name of the Vulnerable Software and Affected Versions: rails-html-sanitizer version 1.6.0 Description: A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math" and "style" elements are both explicitly allowed. This issue is relevant when used with Rails >= 7.1.0. The default configuration is to disallow these elements, and code is only impacted if allowed tags are being overridden. Recommendations: For rails-html-sanitizer version 1.6.0, upgrade to version 1.6.1 to fix the vulnerability. As a temporary workaround, consider removing "math" or "style" from the overridden allowed tags, or downgrade sanitization to HTML4 by configuring `config.action view.sanitizer vendor` and `config.action text.sanitizer vendor` accordingly.

Name of the Vulnerable Software and Affected Versions: rails-html-sanitizer version 1.6.0 Description: A possible XSS vulnerability exists with certain configurations of Rails::HTML::Sanitizer when used with Rails >= 7.1.0. This vulnerability may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the `style` element is explicitly allowed and the `svg` or `math` element is not allowed. Recommendations: For rails-html-sanitizer version 1.6.0, upgrade to version 1.6.1 to fix the vulnerability. As a temporary workaround, consider removing `style` from the overridden allowed tags or downgrading sanitization to HTML4.

Name of the Vulnerable Software and Affected Versions: rails-html-sanitizer version 1.6.0 Description: There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer when used with Rails >= 7.1.0. This issue may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math", "mtext", "table", and "style" elements are allowed and either "mglyph" or "malignmark" are allowed. Recommendations: For rails-html-sanitizer version 1.6.0, upgrade to version 1.6.1 to fix the vulnerability. Alternatively, remove "mglyph" and "malignmark" from the overridden allowed tags or downgrade sanitization to HTML4.

Name of the Vulnerable Software and Affected Versions: rails-html-sanitizer version 1.6.0 Description: The issue is related to a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8. This vulnerability may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags with both "math" and "style" elements or both "svg" and "style" elements. Recommendations: For rails-html-sanitizer version 1.6.0, upgrade to version 1.6.1 to fix the vulnerability. As a temporary workaround, consider removing "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags, or downgrade sanitization to HTML4. Alternatively, independently upgrade Nokogiri to v1.15.7 or >= 1.16.8.

**Name of the Vulnerable Software and Affected Versions** Gladys Assistant versions prior to 4.27.0 **Description** The issue allows authenticated attackers to extract sensitive files from the host machine due to a Directory Traversal problem. The patch for this problem was found to be incomplete. **Recommendations** For versions prior to 4.27.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SiteGround Security WordPress plugin versions prior to 1.3.1 **Description** The issue arises from the plugin's failure to properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue. **Recommendations** For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Tutor LMS WordPress plugin versions prior to 2.0.10 **Description** The issue is related to the lack of protection of the SQL query structure in the Tutor LMS plugin for WordPress, potentially allowing a remote attacker to execute arbitrary code. Additionally, the plugin does not properly sanitise and escape certain parameters, such as `reset key` and `user id`, before outputting them, leading to Reflected Cross-Site Scripting. This could be exploited against high-privilege users, including administrators. **Recommendations** For versions prior to 2.0.10, update to version 2.0.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the `reset key` and `user id` parameters to minimize the risk of exploitation. Avoid using these parameters in sensitive operations until the issue is resolved.