PT-2022-16048 · Unknown+4 · Rails-Html-Sanitizer+4

Dominic Breuker · Published 2022-12-13 · Updated 2026-03-13 · CVE-2022-23520

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: rails-html-sanitizer versions prior to 1.4.4

Description: The issue concerns the sanitization of HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability exists with certain configurations of Rails::Html::Sanitizer due to an incomplete fix. It may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if the allowed tags are being overridden.

Recommendations: For versions prior to 1.4.4, upgrade to version 1.4.4. Until the upgrade is in place, use the workaround: remove either "select" or "style" from the overridden allowed tags.
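The conditions above can be checked mechanically. The following Ruby audit helper is an added example written for this page, not code from rails-html-sanitizer or from the advisory's author; it uses only the standard library (Gem::Version for the version comparison), so it runs without the gem installed. The function names and the choice to drop "style" rather than "select" are constructed for the example.

```ruby
# Added audit helper (constructed for this page; not part of rails-html-sanitizer).
# Flags a Rails app whose overridden allowed-tags list matches the CVE-2022-23520
# conditions (gem older than 1.4.4 and both "select" and "style" allowed) and
# produces the advisory's workaround list.
require 'rubygems'
require 'set'

FIXED_VERSION = Gem::Version.new('1.4.4')
# Per the advisory, XSS is possible only when the override allows BOTH tags.
RISKY_PAIR = %w[select style].freeze

# Normalise whatever the app passed as allowed tags (Array or Set, String or
# Symbol, any case) into a Set of lowercase strings.
def normalize_tags(tags)
  Array(tags).map { |t| t.to_s.downcase }.to_set
end

# True when the installed gem is older than 1.4.4 AND the developer has
# overridden the allowed tags to include both "select" and "style".
# nil stands for "allowed tags not overridden" (the gem's default list),
# which the advisory states is not impacted.
def vulnerable_config?(gem_version, allowed_tags)
  return false if allowed_tags.nil?
  return false if Gem::Version.new(gem_version) >= FIXED_VERSION
  tags = normalize_tags(allowed_tags)
  RISKY_PAIR.all? { |t| tags.include?(t) }
end

# Workaround from the advisory: remove one of the two tags. This example drops
# "style" (a constructed choice; dropping "select" is equally valid).
def apply_workaround(allowed_tags, drop: 'style')
  normalize_tags(allowed_tags).reject { |t| t == drop.to_s }.to_a.sort
end

# Combined verdict: status plus the allowed-tags list to configure.
def audit(gem_version, allowed_tags)
  if vulnerable_config?(gem_version, allowed_tags)
    { status: :vulnerable, recommended_tags: apply_workaround(allowed_tags) }
  else
    { status: :ok, recommended_tags: normalize_tags(allowed_tags).to_a.sort }
  end
end
```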

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers

ALT-PU-2023-1337
ALT-PU-2023-4269
ALT-PU-2024-7815
CVE-2022-23520
DLA-3566-1
DLA-3902-1
GHSA-RRFC-7G8P-99Q8
OPENSUSE-SU-2023_3714-1
OPENSUSE-SU-2024:12769-1
OPENSUSE-SU-2024:14175-1
OPENSUSE-SU-2025:15125-1
OPENSUSE-SU-2026:10361-1
RHSA-2023:2097
RLSA-2023:2097
SUSE-SU-2023:3534-1
SUSE-SU-2023:3714-1

Affected Products

Alt Linux
Astra Linux
Rocky Linux
Suse
Rails-Html-Sanitizer