Rails Html Sanitizers
cpe:2.3:a:rubyonrails:rails_html_sanitizers:1.6.0:*:*:*:*:rails:*:*
part: a version: 1.6.0 update: *
| Vendor | Rubyonrails (a0962337-0e2d-518c-b84b-f2864721d062) |
|---|---|
| Product | Rails Html Sanitizers (37850f9e-062e-5d49-a018-a76f12fbf411) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | rails |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:deb/debian/ruby-rails-html-sanitizer | purl2cpe | 2026-06-01 10:11:28.410250 |
| pkg:deb/ubuntu/ruby-rails-html-sanitizer | purl2cpe | 2026-06-01 10:11:28.410252 |
| pkg:gem/rails-html-sanitizer | purl2cpe | 2026-06-01 10:11:28.410253 |
| pkg:github/rails/rails-html-sanitizer | purl2cpe | 2026-06-01 10:11:28.410254 |
| pkg:rpm/fedora/rubygem-rails-html-sanitizer | purl2cpe | 2026-06-01 10:11:28.410256 |
| pkg:rpm/opensuse/rubygem-rails-html-sanitizer | purl2cpe | 2026-06-01 10:11:28.410257 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-53989 | vulnerable | 2026-06-03 14:57:40.526752 | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0. rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags for the "noscript" element. This vulnerability is fixed in 1.6.1. Published: 2024-12-02T21:07:04.296Z. Updated: 2024-12-03T14:35:25.922Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-53988 | vulnerable | 2026-06-03 14:57:40.526393 | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0. rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math", "mtext", "table", and "style" elements are allowed and either "mglyph" or "malignmark" are allowed. This vulnerability is fixed in 1.6.1. Published: 2024-12-02T21:09:56.440Z. Updated: 2024-12-03T14:34:23.054Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-53987 | vulnerable | 2026-06-03 14:57:40.525951 | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0. rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "style" element is explicitly allowed and the "svg" or "math" element is not allowed. This vulnerability is fixed in 1.6.1. Published: 2024-12-02T21:15:48.975Z. Updated: 2024-12-03T14:33:22.284Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-53986 | vulnerable | 2026-06-03 14:57:40.525578 | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0. rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math" and "style" elements are both explicitly allowed. This vulnerability is fixed in 1.6.1. Published: 2024-12-02T21:13:01.441Z. Updated: 2024-12-03T14:33:51.139Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-53985 | vulnerable | 2026-06-03 14:57:40.525089 | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0. rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags with both "math" and "style" elements or both "svg" and "style" elements. This vulnerability is fixed in 1.6.1. Published: 2024-12-02T21:15:57.620Z. Updated: 2024-12-11T16:47:59.133Z | Imported from gcve-enriched-dumps CVE data |