Vulnerabilities > Rubyonrails > Rails Html Sanitizers > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-14 | CVE-2022-23520 | Cross-site Scripting vulnerability in multiple products rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. | 6.1 |
| 2022-12-14 | CVE-2022-23518 | Cross-site Scripting vulnerability in multiple products rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. | 6.1 |
| 2022-12-14 | CVE-2022-23519 | Cross-site Scripting vulnerability in multiple products rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. | 6.1 |
| 2022-06-24 | CVE-2022-32209 | Cross-site Scripting vulnerability in multiple products # Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. | 6.1 |