Package details: pkg:deb/debian/ruby-rails-html-sanitizer@1.0.3-1?distro=trixie
purl pkg:deb/debian/ruby-rails-html-sanitizer@1.0.3-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (3)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2ece-9xu2-z7ea | XSS vulnerability - white list bypass: Carefully crafted strings can cause user input to bypass the sanitization in the white list sanitizer, which can lead to an XSS attack. | CVE-2015-7580, GHSA-ghqm-pgxj-37gq |
| VCID-nc6s-6usd-gkeb | Possible XSS vulnerability: Certain attributes are not removed from tags when they are sanitized, and these attributes can lead to an XSS attack on target applications. | CVE-2015-7578, GHSA-59c7-4xj2-hgvw |
| VCID-ujza-s7ug-9fcp | XSS vulnerability in strip_tags: Due to the way that `Rails::Html::FullSanitizer` is implemented, if an attacker passes an already escaped HTML entity to the input of Action View's `strip_tags`, these entities will be unescaped, which may cause an XSS attack if used in combination with `raw` or `html_safe`. | CVE-2015-7579, GHSA-r9c2-cr39-c8g6 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T11:22:06.635926+00:00 | Debian Importer | Fixing | VCID-ujza-s7ug-9fcp | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T09:04:38.833693+00:00 | Debian Importer | Fixing | VCID-2ece-9xu2-z7ea | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T08:55:43.068735+00:00 | Debian Importer | Fixing | VCID-nc6s-6usd-gkeb | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T07:44:26.251088+00:00 | Debian Importer | Fixing | VCID-ujza-s7ug-9fcp | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-11T18:05:00.536386+00:00 | Debian Importer | Fixing | VCID-2ece-9xu2-z7ea | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-11T17:59:30.468150+00:00 | Debian Importer | Fixing | VCID-nc6s-6usd-gkeb | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:52:21.759482+00:00 | Debian Importer | Fixing | VCID-2ece-9xu2-z7ea | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:52:21.711917+00:00 | Debian Importer | Fixing | VCID-ujza-s7ug-9fcp | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:52:21.661332+00:00 | Debian Importer | Fixing | VCID-nc6s-6usd-gkeb | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |