CVE-2019-15587

MEDIUM5.4EPSS 2.3%

Loofah Allows Cross-site Scripting

發布日:2019/11/5修改日:2026/4/28
也稱為:GHSA-c3gv-9cxf-6f57DEBIAN-CVE-2019-15587

描述

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

受影響套件(3)

CVSS 分數

來源版本嚴重程度向量
osvCVSS 3.1MEDIUM5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

參考連結(12)