Vulnerabilities > Rubyonrails > Html Sanitizer > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-30 | CVE-2018-3741 | Cross-site Scripting vulnerability in Rubyonrails Html Sanitizer There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. | 6.1 |
| 2016-02-16 | CVE-2015-7580 | Cross-site Scripting vulnerability in Rubyonrails Html Sanitizer 1.0.0/1.0.1/1.0.2 Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node. | 4.3 |
| 2016-02-16 | CVE-2015-7579 | Cross-site Scripting vulnerability in Rubyonrails Html Sanitizer 1.0.0/1.0.1/1.0.2 Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class. | 4.3 |
| 2016-02-16 | CVE-2015-7578 | Cross-site Scripting vulnerability in Rubyonrails Html Sanitizer 1.0.0/1.0.1/1.0.2 Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes. | 4.3 |