Lucene search

CVE-2022-23520

🗓️ 14 Dec 2022 18:17:15Reported by [email protected]Type

rails-html-sanitizer XSS vulnerability in versions prior to 1.4.

Reporter	Title	Published	Views	Family All 68
Hacker One	Internet Bug Bounty: CVE-2022-23520: Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations)	14 Dec 202221:17	–	hackerone
Hacker One	Ruby on Rails: Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations)	29 Jul 202221:46	–	hackerone
Hacker One	Internet Bug Bounty: Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag	14 Jun 202204:11	–	hackerone
Hacker One	Ruby on Rails: Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag	5 Apr 202207:34	–	hackerone
OSV	Possible XSS vulnerability with certain configurations of rails-html-sanitizer	13 Dec 202217:51	–	osv
OSV	CVE-2022-23520	14 Dec 202218:15	–	osv
OSV	DLA-3902-1 ruby-rails-html-sanitizer - security update	28 Sep 202400:00	–	osv
OSV	Rails::Html::Sanitizer vulnerable to Cross-site Scripting	25 Jun 202200:00	–	osv
OSV	CVE-2022-32209	24 Jun 202215:15	–	osv
OSV	ruby-rails-html-sanitizer - security update	7 Dec 202200:00	–	osv

Nvd

Node

rubyonrails rails_html_sanitizersRange<1.4.4rails

Node

debian debian_linuxMatch10.0

Source	Link
hackerone	www.hackerone.com/reports/1654310
lists	www.lists.debian.org/debian-lts-announce/2023/09/msg00012.html
github	www.github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 Dec 2022 18:15Current

CVSS36.1

EPSS0.0025

CWE-79