0B5Cur17Y

PT-2022-7453 · CVSS 7.2 · 2022-12-13
Unknown · Rails-Html-Sanitizer · CVE-2022-23519
**Name of the Vulnerable Software and Affected Versions**

rails-html-sanitizer versions prior to 1.4.4

**Description**

The issue is a possible XSS vulnerability in certain configurations of Rails::Html::Sanitizer. An attacker may be able to inject content if the application developer has overridden the sanitizer's allowed tags to include both "math" and "style" elements, or both "svg" and "style" elements. The allowed tags can be overridden in several ways: through application configuration, through a `:tags` option to the Action View helper `sanitize`, through the Rails::Html::SafeListSanitizer class method `allowed_tags=`, or through a `:tags` option to the Rails::Html::SafeListSanitizer instance method `sanitize`. Only code that overrides the allowed tags in this way is affected.

**Recommendations**

For versions prior to 1.4.4, either upgrade to version 1.4.4 or apply the following workaround:

- Remove "style" from the overridden allowed tags, or
- Remove "math" and "svg" from the overridden allowed tags.
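The advisory leaves it to the application developer to find every place where the allowed tags were overridden and to check whether the override contains one of the two unsafe combinations. The following Ruby snippet is an added audit helper written for this entry; it is not code from the advisory, from dbugs, or from the rails-html-sanitizer project. It assumes nothing beyond the Ruby standard library: `unsafe_tag_pairs`, `vulnerable_tag_override?`, `remediate_tags` and `affected_version?` are hypothetical helper names, and the sample tag list is constructed for illustration. The same list that an application passes as a `:tags` option to `sanitize`, or assigns through `Rails::Html::SafeListSanitizer.allowed_tags=`, can be run through these checks in a test or an initializer before it takes effect.

```ruby
# Added example (not from the advisory or the rails-html-sanitizer gem):
# audit an overridden allowed-tag list for the combinations named in
# CVE-2022-23519 ("math" + "style" or "svg" + "style") and produce a
# remediated list that follows the advisory's workaround.

require 'set'

# Tag pairs the advisory identifies as unsafe when both are allowed.
UNSAFE_PAIRS = [%w[math style], %w[svg style]].freeze

# First fixed release named in the advisory.
FIXED_VERSION = Gem::Version.new('1.4.4')

# Lower-case, trimmed, de-duplicated view of an allowed-tag override, so that
# "SVG" and " style " are matched the same way the sanitizer treats them.
def normalize_tags(tags)
  tags.map { |t| t.to_s.downcase.strip }.to_set
end

# Returns the unsafe pairs that are fully present in the override
# (an empty array means the override is not affected by this advisory).
def unsafe_tag_pairs(tags)
  set = normalize_tags(tags)
  UNSAFE_PAIRS.select { |pair| pair.all? { |t| set.include?(t) } }
end

def vulnerable_tag_override?(tags)
  !unsafe_tag_pairs(tags).empty?
end

# Apply the advisory's workaround to an override.
#   :drop_style    removes "style"           (first option in the advisory)
#   :drop_math_svg removes "math" and "svg"  (second option in the advisory)
# Returns a sorted array so the result is stable for configuration diffs.
def remediate_tags(tags, strategy: :drop_style)
  removed = case strategy
            when :drop_style    then %w[style]
            when :drop_math_svg then %w[math svg]
            else raise ArgumentError, "unknown strategy #{strategy.inspect}"
            end
  (normalize_tags(tags) - removed).to_a.sort
end

# True when the installed gem version is one the advisory covers
# (anything before 1.4.4); expects a version string such as "1.4.3".
def affected_version?(version)
  Gem::Version.new(version) < FIXED_VERSION
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample override: a developer added "svg" and "style" to the
  # default allow list to let inline diagrams through.
  override = %w[p a span svg style]
  puts "installed 1.4.3 affected? #{affected_version?('1.4.3')}"
  puts "unsafe pairs:  #{unsafe_tag_pairs(override).inspect}"
  puts "after fix:     #{remediate_tags(override).inspect}"
  puts "still unsafe?  #{vulnerable_tag_override?(remediate_tags(override))}"
end
```

The check is deliberately pair-based rather than flagging "style" on its own: an override that allows "style" without "math" or "svg", or "math" and "svg" without "style", is not the configuration the advisory describes, and reporting it would only produce noise. Upgrading to 1.4.4 remains the complete fix; the helper is for confirming that the workaround has actually been applied to every override in the code base while the upgrade is pending.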