What the vulnerability does
01Description
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
CVSS base score
—
Key dates
02Disclosure timeline
March 30, 2018
CVE published
August 5, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-30840 WordPress xili-dictionary plugin <= 2.12.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-50431 WordPress Breeze plugin <= 2.1.14 - Cross Site Scripting (XSS) vulnerability
CVE-2024-12100 Bitcoin Lightning Publisher for WordPress <= 1.4.1 - Reflected Cross-Site Scripting
CVE-2026-2383 Simple Download Monitor <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field
CVE-2024-53752 WordPress Stripe Donation plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability
