CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-16468
https://notcve.org/view.php?id=CVE-2018-16468
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. En la gema Loofah para Ruby hasta la versión v2.2.2, podría ocurrir JavaScript no saneado en las salidas saneadas cuando se vuelve a publicar un elemento SVG manipulado. • https://github.com/flavorjones/loofah/issues/154 https://www.debian.org/security/2019/dsa-4364 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-8048 – rubygem-loofah: XSS vulnerability due to unescaped comments within attributes by libxml2
https://notcve.org/view.php?id=CVE-2018-8048
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. En la gema Loofah hasta la versión 2.2.0 de Ruby, pueden existir atributos HTML que no están incluidos en lista blanca en salidas saneadas al publicar de nuevo un fragmento HTML manipulado. • http://www.openwall.com/lists/oss-security/2018/03/19/5 https://github.com/flavorjones/loofah/issues/144 https://security.netapp.com/advisory/ntap-20191122-0003 https://www.debian.org/security/2018/dsa-4171 https://access.redhat.com/security/cve/CVE-2018-8048 https://bugzilla.redhat.com/show_bug.cgi?id=1559071 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •