Internet Bug Bounty: CVE-2022-23519: Rails::Html::SafeListSanitizer vulnerable to XSS when certain tags are allowed (math+style || svg+style)

Published: 14 Dec 2022 21:40:22
Reported by: 0b5cur17y
Source: hackerone (hackerone.com)

Rails HTML Sanitizer permits certain combinations of tags in its allow list, such as svg+style and math+style, that together make XSS possible even though each tag is individually allowed. A sample vulnerable Rails application is provided for testing this vulnerability.

Last updated: 14 Dec 2022 21:22
Vulners AI Score: 6.3 (Medium risk)
EPSS: 0.001