Vulnerabilities > CVE-2022-23515

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

loofah-project

debian

NVD

Published: 2022-12-14

Updated: 2024-11-21

Summary

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1.

Vulnerable Configurations

Part	Description	Count
Application	Loofah_Project Loofah Project Loofah 2.1.0 Loofah Project Loofah 2.1.1 Loofah Project Loofah 2.2.0 Loofah Project Loofah 2.2.1 Loofah Project Loofah 2.2.2 Loofah Project Loofah 2.2.3 Loofah Project Loofah 2.3.0 Loofah Project Loofah 2.3.1	10
OS	Debian Debian Debian Linux 10.0	1

References

https://github.com/flavorjones/loofah/issues/101
https://github.com/flavorjones/loofah/issues/101
https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx
https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx
https://hackerone.com/reports/1694173
https://hackerone.com/reports/1694173
https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html
https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html

Vulnerabilities > CVE-2022-23515 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2022-23515"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2022-23515