Lucene search
Redhat.comRH:CVE-2022-23520HistoryDec 15, 2022 - 11:05 a.m.
CVE-2022-23520
2022-12-1511:05:13
redhat.com
access.redhat.com
20
cross-site scripting
rails-html-sanitizer
injection vulnerability
allowed tags override
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
44.1%
A Cross-site scripting vulnerability was found in rails-html-sanitizer. Certain configurations of rails-html-sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer’s allowed tags.
Related
veracode
veracode
Cross-site Scripting (XSS)
2022-12-14 13:48:54
hackerone
hackerone
osv
osv
CVE-2022-23520
2022-12-14 18:15:17
ruby-rails-html-sanitizer - security update
2023-09-13 00:00:00
rubygems
rubygems
cve
cve
CVE-2022-23520
2022-12-14 18:15:17
github
github
ubuntucve
ubuntucve
CVE-2022-23520
2022-12-14 00:00:00
cvelist
cvelist
debiancve
debiancve
CVE-2022-23520
2022-12-14 18:15:17
prion
prion
Design/Logic Flaw
2022-12-14 18:15:00
nvd
nvd
CVE-2022-23520
2022-12-14 18:15:17
openvas
openvas
Fedora: Security Advisory (FEDORA-2023-91e69ea326)
2024-09-10 00:00:00
openSUSE: Security Advisory for rubygem (SUSE-SU-2023:3714-1)
2024-03-04 00:00:00
Debian: Security Advisory (DLA-3566-1)
2023-09-14 00:00:00
nessus
nessus
Fedora 40 : rubygem-rails-html-sanitizer (2023-91e69ea326)
2024-04-29 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : rubygem-rails-html-sanitizer (SUSE-SU-2023:3714-1)
2023-09-21 00:00:00
Debian DLA-3566-1 : ruby-rails-html-sanitizer - LTS security update
2023-09-14 00:00:00
debian
debian
[SECURITY] [DLA 3566-1] ruby-rails-html-sanitizer security update
2023-09-13 15:09:12
rocky
rocky
Satellite 6.13 Release
2023-05-05 15:39:58
redhat
redhat
(RHSA-2023:2097) Important: Satellite 6.13 Release
2023-05-03 13:09:51
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
44.1%
Related for RH:CVE-2022-23520