EPSS: 0.001 (Low)
Percentile: 32.7%
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute).
github.com/ankane/chartkick
github.com/ankane/chartkick/commit/ba67ab5e603de4d94676790fdac425f8199f1c4f
github.com/ankane/chartkick/issues/546
github.com/rubysec/ruby-advisory-db/blob/master/gems/chartkick/CVE-2020-16254.yml
nvd.nist.gov/vuln/detail/CVE-2020-16254