| Max CVSS | 7.2 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-3741 | 4.3 |
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes ca
|
30-01-2023 - 16:10 | 30-03-2018 - 19:29 | |
| CVE-2012-6685 | 5.0 |
Nokogiri before 1.5.4 is vulnerable to XXE attacks
|
25-02-2020 - 18:35 | 19-02-2020 - 15:15 | |
| CVE-2018-8048 | 4.3 |
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.
|
22-11-2019 - 09:15 | 27-03-2018 - 17:29 | |
| CVE-2018-3760 | 5.0 |
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application'
|
09-10-2019 - 23:40 | 26-06-2018 - 19:29 | |
| CVE-2018-10905 | 7.2 |
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.
|
09-10-2019 - 23:33 | 24-07-2018 - 13:29 | |
| CVE-2018-11627 | 4.3 |
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
|
26-02-2019 - 15:03 | 31-05-2018 - 19:29 |