CVE-2024-53986

Published Dec 2, 2024

Last updated 3 months ago

CVSS low 2.3

Overview

Description
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math" and "style" elements are both explicitly allowed. This vulnerability is fixed in 1.6.1.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
2.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
LOW

Weaknesses

security-advisories@github.com
CWE-79

Social media

Hype score
Not currently trending

  1. 🟠 #Rails::#HTML::Sanitizer Possible XSS Vulnerability (#CVE-2024-53985/#CVE-2024-53986) (Medium) - Medium https://t.co/3whGovskba

    @dailycve

    3 Dec 2024

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🔴 #Rails::#HTML::Sanitizer 160 XSS Vulnerability (#CVE-2024-53985/#CVE-2024-53986) (Critical) - Critical https://t.co/j8juaeFFWZ

    @dailycve

    3 Dec 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🔵 #Rails::#HTML::Sanitizer 160 Possible XSS Vulnerability (#CVE-2024-53985/#CVE-2024-53986) (Low) - Low https://t.co/dtAV0e36Ou

    @dailycve

    3 Dec 2024

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🟠 #Rails::#HTML::Sanitizer 160 XSS Vulnerability (#CVE-2024-53986) - Medium - Medium https://t.co/IptqjZzUVl

    @dailycve

    3 Dec 2024

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🔴 #Rails::#HTML::Sanitizer XSS Vulnerability (#CVE-2024-53985 & #CVE-2024-53986) (Critical) - Critical https://t.co/2FYkwdJsP3

    @dailycve

    3 Dec 2024

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2024-53986 rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::H… https://t.co/46QurAO8It

    @CVEnew

    2 Dec 2024

    443 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References