Vulnerabilities > Loofah Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-14 | CVE-2022-23518 | Cross-site Scripting vulnerability in multiple products rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. | 6.1 |
| 2022-12-14 | CVE-2022-23514 | Unspecified vulnerability in Loofah Project Loofah Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. | 7.5 |
| 2022-12-14 | CVE-2022-23515 | Cross-site Scripting vulnerability in multiple products Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. | 6.1 |
| 2022-12-14 | CVE-2022-23516 | Uncontrolled Recursion vulnerability in Loofah Project Loofah Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. | 7.5 |
| 2019-10-22 | CVE-2019-15587 | Cross-site Scripting vulnerability in multiple products In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | 5.4 |
| 2018-10-30 | CVE-2018-16468 | Cross-site Scripting vulnerability in multiple products In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | 5.4 |
| 2018-03-27 | CVE-2018-8048 | Cross-site Scripting vulnerability in multiple products In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. | 6.1 |