漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
Vulnerability Description
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags with both "math" and "style" elements or both both "svg" and "style" elements. This vulnerability is fixed in 1.6.1.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Rails HTML Sanitizers 跨站脚本漏洞
Vulnerability Description
Rails HTML Sanitizers是美国Rails团队的一个用于 Rails 应用程序中的 HTML 清理工具。 Rails HTML Sanitizers 1.6.0版本存在跨站脚本漏洞,该漏洞源于在特定配置下存在跨站脚本漏洞,从而容易导致恶意内容注入。
CVSS Information
N/A
Vulnerability Type
N/A