CVE-2018-3740

HIGH7.5EPSS 0.26%

Sanitize vulnerable to Improper Input Validation and Cross-site Scripting

發布日:2018/3/21修改日:2026/4/28
也稱為:GHSA-7f42-p84j-f58pDEBIAN-CVE-2018-3740

描述

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.

受影響套件(3)

CVSS 分數

來源版本嚴重程度向量
osvCVSS 3.1HIGH7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

參考連結(9)