cvelist / GitHub_M / CVELIST:CVE-2022-23519
History: Dec 14, 2022 - 4:50 p.m.

CVE-2022-23519 Possible XSS vulnerability with certain configurations of rails-html-sanitizer

Published: 2022-12-14 16:50:14
CWE-79
Source: GitHub_M (www.cve.org)
Tags: rails-html-sanitizer, xss, vulnerability, configurations, rails, applications, html, fragments, sanitizer, cve-2022-23519, fixed, version 1.4.4, attacker, inject content, overridden, allowed tags, math, style, svg, impacted

7.2 High
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

AI Score: 6.9 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 43.4%)

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allowing both "math" and "style" elements, or allowing both "svg" and "style" elements. Code is only impacted if the allowed tags are being overridden; applications using the default allowed-tag list are not affected. This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" together with "style" should either upgrade or apply the following workaround immediately: remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.
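Added example (not the rails-html-sanitizer project's code and not part of the advisory): a Ruby audit that checks an application's overridden allowed-tag list for the two affected combinations ("math" with "style", "svg" with "style"), compares the installed gem version against the fixed release 1.4.4, and derives a safe list using either of the two workarounds. The constant OVERRIDDEN_TAGS, the function names, and the sample HTML string are constructed for illustration only; the final sanitize call runs only if the gem happens to be installed and uses the real Rails::Html::SafeListSanitizer#sanitize with its tags: option.

```ruby
# Added example for CVE-2022-23519 (not from rails-html-sanitizer itself).
require "rubygems"
require "set"

# First release that carries the fix, per the advisory.
FIXED_VERSION = Gem::Version.new("1.4.4")

# True when the gem version string is below the fixed release (Gem::Version
# handles prerelease and multi-part versions correctly, unlike string compare).
def vulnerable_version?(version_string)
  Gem::Version.new(version_string) < FIXED_VERSION
end

# The advisory's condition: "style" allowed together with "math" or "svg".
# Returns the offending pairs; empty when the configuration is not affected.
def risky_tag_pairs(allowed_tags)
  tags = allowed_tags.map(&:to_s).to_set
  return [] unless tags.include?("style")
  %w[math svg].select { |t| tags.include?(t) }.map { |t| [t, "style"] }
end

# An app is affected only if BOTH the version is old AND the override is risky;
# the default allowed-tag list is not impacted.
def affected?(allowed_tags, version_string)
  vulnerable_version?(version_string) && !risky_tag_pairs(allowed_tags).empty?
end

# Apply one of the two workarounds from the advisory:
#   :drop_style    -> remove "style" from the override
#   :drop_math_svg -> remove "math" and "svg" from the override
def mitigated_tags(allowed_tags, strategy = :drop_style)
  tags = allowed_tags.map(&:to_s)
  case strategy
  when :drop_style    then tags - ["style"]
  when :drop_math_svg then tags - %w[math svg]
  else raise ArgumentError, "unknown strategy #{strategy.inspect}"
  end
end

# Constructed sample: an override typical of an app that renders MathML and SVG
# and also lets authors include <style> (this is the affected combination).
OVERRIDDEN_TAGS = %w[p a b i br span div math mi mo mn svg path style].freeze

if __FILE__ == $PROGRAM_NAME
  installed = "1.4.3" # constructed value; read Gem.loaded_specs in a real app
  puts "affected? #{affected?(OVERRIDDEN_TAGS, installed)}"
  puts "risky pairs: #{risky_tag_pairs(OVERRIDDEN_TAGS).inspect}"
  safe = mitigated_tags(OVERRIDDEN_TAGS, :drop_style)
  puts "mitigated override: #{safe.inspect}"

  # Live check, only when the gem is present. The HTML is a constructed sample.
  begin
    require "rails-html-sanitizer"
    html = "<math><style>p { color: red }</style></math><p>ok</p>"
    puts Rails::Html::SafeListSanitizer.new.sanitize(html, tags: safe)
  rescue LoadError
    puts "rails-html-sanitizer not installed; skipping live sanitization"
  end
end
```

In a real application the override usually lives where the sanitizer is configured (for example a call that sets the sanitizer's allowed tags, or a per-call tags: option); run risky_tag_pairs over that exact list rather than a copy, and prefer upgrading to 1.4.4 or later over relying on the workaround alone.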

CNA Affected

[
  {
    "vendor": "rails",
    "product": "rails-html-sanitizer",
    "versions": [
      {
        "version": "< 1.4.4",
        "status": "affected"
      }
    ]
  }
]
