Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-23520

Good to know:

icon

Date: December 14, 2022

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.

Language: Ruby

Severity Score

Related Resources (6)

https://nvd.nist.gov/vuln/detail/CVE-2022-23520
https://security-tracker.debian.org/tracker/CVE-2022-23520
https://hackerone.com/reports/1654310
https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html
https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8
https://www.mend.io/vulnerability-database/CVE-2022-23520

Severity Score

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

icon

Upgrade Version

Upgrade to version rails-html-sanitizer - 1.4.4

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us