CVE-2019-12732
The Chartkick gem through 3.1.0 for Ruby allows XSS.
4.7CVSS
4.7AI Score
0.001EPSS
CVE-2020-16254
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute).
6.1CVSS
6.6AI Score