Vulnerabilities > CVE-2022-23518

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

rubyonrails

debian

loofah-project

NVD

Published: 2022-12-14

Updated: 2024-11-21

Summary

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.

Vulnerable Configurations

Part	Description	Count
Application	Rubyonrails Rubyonrails Rails Html Sanitizers 1.0.3 Rubyonrails Rails Html Sanitizers 1.0.4 Rubyonrails Rails Html Sanitizers 1.1.0 Rubyonrails Rails Html Sanitizers 1.2.0 Rubyonrails Rails Html Sanitizers 1.3.0 Rubyonrails Rails Html Sanitizers 1.4.0 Rubyonrails Rails Html Sanitizers 1.4.1 Rubyonrails Rails Html Sanitizers 1.4.2 Rubyonrails Rails Html Sanitizers 1.4.3	9
Application	Loofah_Project Loofah Project Loofah 2.1.0 Loofah Project Loofah 2.1.1 Loofah Project Loofah 2.2.0 Loofah Project Loofah 2.2.1 Loofah Project Loofah 2.2.2 Loofah Project Loofah 2.2.3 Loofah Project Loofah 2.3.0 Loofah Project Loofah 2.3.1	10
OS	Debian Debian Debian Linux 10.0	1

Vulnerabilities > CVE-2022-23518 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2022-23518"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2022-23518