Loofah Allows Cross-site Scripting

GHSA-c3gv-9cxf-6f57 · CVE-2019-15587

Published Nov 5, 2019 · Modified Feb 16, 2024

Description

In the Loofah gem for Ruby through v2.3.0, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

Ready to move

Free, no credit card | First findings in minutes