Description
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.
Remediation
References
Related Vulnerabilities
Internet Information Services Integer Overflow or Wraparound Vulnerability (CVE-2008-1446)
WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.32)
WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (6.2.01)
Oracle HTTP Server NULL Pointer Dereference Vulnerability (CVE-2020-1967)
Contao Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10641)