XSS in rails-html-sanitizer <1.4.4 via overridden tags select+style
CVE-2022-23520 Published on December 14, 2022

rails-html-sanitizer contains an incomplete fix for an XSS vulnerability
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.

NVD

Vulnerability Analysis

CVE-2022-23520 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
NONE

Weakness Type

What is a XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2022-23520 has been classified to as a XSS vulnerability or weakness.


Products Associated with CVE-2022-23520

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-23520 are published in these products:

Railshtmlsanitizerproject Rails Html Sanitizer
 
Ruby on Rails Rails Html Sanitizers
 
Debian Linux
 

Affected Versions

rails-html-sanitizer Version < 1.4.4 is affected by CVE-2022-23520

Exploit Probability

EPSS
0.29%
Percentile
51.88%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.