H1-1654310 — Vulnetix

H1-1654310 PUBLISHED CVSS 4.699999809265137 MEDIUM

Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations)

Risk Scores

CVSS 3.1

4.699999809265137

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploit Intelligence

Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations) (hackerone)
Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations) (hackerone)
.bundler-audit.yml (github-poc)

Timeline

Dec 14, 2022 CVE Published
Dec 14, 2022 PoC Published

References

Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›