CVE-2022-23518

MEDIUM

rails-html-sanitizer 1.0.3-1.4.3 - Cross-Site Scripting via Data URIs with Loofah

Title source: llm

Description

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.

References (5)

Core 5

Core References

Third Party Advisory x_refsource_confirm

https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m

Exploit, Issue Tracking, Third Party Advisory x_refsource_misc

https://github.com/rails/rails-html-sanitizer/issues/135

Permissions Required, Third Party Advisory x_refsource_misc

https://hackerone.com/reports/1694173

Mailing List, Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html

Mailing List

https://lists.debian.org/debian-lts-announce/2024/09/msg00045.html

Scores

CVSS v3 6.1

EPSS 0.0031

EPSS Percentile 54.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (4)

debian/debian_linux 10.0

loofah_project/loofah 2.1.0 - 2.19.1

rubygems/rails-html-sanitizer 1.0.3 - 1.4.4RubyGems

rubyonrails/rails_html_sanitizers 1.0.3 - 1.4.4

Published Dec 14, 2022

Tracked Since Feb 18, 2026