Ruby · Rails-Html-Sanitizer · CVE-2015-7578
**Name of the Vulnerable Software and Affected Versions**
rails-html-sanitizer gem versions prior to 1.0.3
Ruby on Rails versions 4.2.x and 5.x
**Description**
The rails-html-sanitizer gem (the sanitizer behind the `sanitize` family of view helpers in Rails 4.2 and later) does not correctly handle certain crafted tag attributes. An attacker who can get attacker-controlled HTML passed through the sanitizer can therefore inject arbitrary web script or HTML into the sanitized output, resulting in cross-site scripting (XSS). Rails 4.2.x and 5.x are affected because they depend on this gem; the fix is in the gem, not in Rails itself.
**Recommendations**
For rails-html-sanitizer gem versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue.
For Ruby on Rails versions 4.2.x and 5.x, ensure the rails-html-sanitizer gem is updated to version 1.0.3 or later (for Bundler-managed applications, `bundle update rails-html-sanitizer` and check the pinned version in `Gemfile.lock`) to mitigate the risk of XSS attacks. Upgrading Rails alone is not sufficient if the lockfile still pins an older version of the gem.
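The following is an added example, not code from the advisory or from the rails-html-sanitizer project. It checks a `Gemfile.lock` for a rails-html-sanitizer version below the fixed release 1.0.3 using RubyGems' own `Gem::Version` comparison, which also correctly classifies a pre-release such as `1.0.3.rc1` as older than `1.0.3`. The lockfile excerpts embedded in the script are constructed for illustration and do not come from any real project.

```ruby
# Added example (not part of the original advisory): flag a Gemfile.lock that
# pins a rails-html-sanitizer version affected by CVE-2015-7578 (< 1.0.3).
require "rubygems"

FIXED_VERSION = Gem::Version.new("1.0.3")

# Returns the resolved version of gem_name from Gemfile.lock text, or nil if the
# gem is not listed. Bundler writes resolved gems under "GEM" / "specs:" as
# four-space-indented "name (version)" lines; their dependencies are indented
# six spaces and carry constraints such as "(~> 2.0)", so they do not match.
def locked_version(lockfile_text, gem_name)
  pattern = /^\s{4}#{Regexp.escape(gem_name)} \(([^)\s]+)\)\s*$/
  match = lockfile_text.match(pattern)
  match && Gem::Version.new(match[1])
end

# true  -> the locked rails-html-sanitizer is older than 1.0.3 (vulnerable)
# false -> 1.0.3 or later
# nil   -> gem not present (e.g. a pre-4.2 Rails app that still uses html-scanner)
def vulnerable_to_cve_2015_7578?(lockfile_text)
  version = locked_version(lockfile_text, "rails-html-sanitizer")
  return nil if version.nil?
  version < FIXED_VERSION
end

# Constructed Gemfile.lock excerpt (illustrative only, not from a real project).
VULNERABLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.0.3)
        nokogiri (>= 1.5.9)
      rails-html-sanitizer (1.0.2)
        loofah (~> 2.0)
      rails (4.2.5)
LOCK

# Same lockfile after `bundle update rails-html-sanitizer` picked up the fix.
PATCHED_LOCK = VULNERABLE_LOCK.sub("rails-html-sanitizer (1.0.2)",
                                   "rails-html-sanitizer (1.0.3)")

if __FILE__ == $0
  path = ARGV[0]
  text = path ? File.read(path) : VULNERABLE_LOCK
  case vulnerable_to_cve_2015_7578?(text)
  when true  then puts "VULNERABLE: rails-html-sanitizer #{locked_version(text, 'rails-html-sanitizer')} < #{FIXED_VERSION}"
  when false then puts "OK: rails-html-sanitizer #{locked_version(text, 'rails-html-sanitizer')}"
  else            puts "rails-html-sanitizer not found in lockfile"
  end
end
```

Run it as `ruby check_sanitizer.rb path/to/Gemfile.lock`; with no argument it evaluates the built-in constructed excerpt. The check reads the lockfile rather than `Gemfile`, because the lockfile is what Bundler actually installs and deploys, and a `Gemfile` constraint such as `~> 1.0` says nothing about which patch level was resolved.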