H1-1656627 — Vulnetix

H1-1656627 PUBLISHED CVSS 4.699999809265137 MEDIUM

Rails::Html::SafeListSanitizer vulnerable to XSS when certain tags are allowed (math+style || svg+style)

Risk Scores

CVSS v3.1

4.699999809265137

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Timeline

Dec 14, 2022 CVE Published
Dec 14, 2022 PoC Published

References

Rails::Html::SafeListSanitizer vulnerable to XSS when certain tags are allowed (math+style || svg+style) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›