Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-23519— Possible XSS vulnerability with certain configurations of rails-html-sanitizer

CVSS 7.2 · High EPSS 0.14% · P34
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-23519

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Source: NVD (National Vulnerability Database)
Vulnerability Description
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Rails 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Rails是美国Rails团队的一套基于Ruby语言的开源Web应用框架。 Rails rails-html-sanitizer 1.4.4之前版本存在跨站脚本漏洞,该漏洞源于Rails::Html::Sanitizer 的某些配置可能存在 XSS 漏洞,如果应用程序开发人员通过以下任一方式覆盖了消毒剂的允许标签,攻击者可能会注入内容:允许“math”和 style 元素,或者同时允许 svg 和 style 元素。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
railsrails-html-sanitizer < 1.4.4 -

II. Public POCs for CVE-2022-23519

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-23519

登录查看更多情报信息。

Same Patch Batch · rails · 2022-12-14 · 4 CVEs total

CVE-2022-235177.5 HIGHInefficient Regular Expression Complexity in rails-html-sanitizer
CVE-2022-235206.1 MEDIUMrails-html-sanitizer contains an incomplete fix for an XSS vulnerability
CVE-2022-23518Improper neutralization of data URIs allows XSS in rails-html-sanitizer

IV. Related Vulnerabilities

Same product: rails-html-sanitizer
Same vendor: rails
Same weakness: CWE-79

V. Comments for CVE-2022-23519

No comments yet

Leave a comment