CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2022-23519 – Possible XSS vulnerability with certain configurations of rails-html-sanitizer
https://notcve.org/view.php?id=CVE-2022-23519
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags. rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. • https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h https://hackerone.com/reports/1656627 https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html https://access.redhat.com/security/cve/CVE-2022-23519 https://bugzilla.redhat.com/show_bug.cgi?id=2153744 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2022-23518 – Improper neutralization of data URIs allows XSS in rails-html-sanitizer
https://notcve.org/view.php?id=CVE-2022-23518
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4. rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Las versiones >= 1.0.3, < 1.4.4 son vulnerables a Cross-Site Scripting (XSS) a través de URI de datos cuando se usan en combinación con Loofah >= 2.1.0. Este problema está parcheado en la versión 1.4.4. • https://github.com/rails/rails-html-sanitizer/issues/135 https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m https://hackerone.com/reports/1694173 https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html https://access.redhat.com/security/cve/CVE-2022-23518 https://bugzilla.redhat.com/show_bug.cgi?id=2153701 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23517 – Inefficient Regular Expression Complexity in rails-html-sanitizer
https://notcve.org/view.php?id=CVE-2022-23517
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4. rails-html-sanitizer es responsable de sanitizar fragmentos HTML en aplicaciones Rails. Ciertas configuraciones de rails-html-sanitizer < 1.4.4 utilizan una expresión regular ineficiente que es susceptible a un retroceso excesivo al intentar sanitizar ciertos atributos SVG. • https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979 https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w https://hackerone.com/reports/1684163 https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html https://access.redhat.com/security/cve/CVE-2022-23517 https://bugzilla.redhat.com/show_bug.cgi?id=2153720 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23515 – Improper neutralization of data URIs may allow XSS in Loofah
https://notcve.org/view.php?id=CVE-2022-23515
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1. Loofah es una librería general para manipular y transformar documentos y fragmentos HTML / XML, construida sobre Nokogiri. Loofah >= 2.1.0, < 2.19.1 es vulnerable a Cross-Site Scripting (XSS) a través del tipo de medio image/svg+xml en las URI de datos. • https://github.com/flavorjones/loofah/issues/101 https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx https://hackerone.com/reports/1694173 https://lists.debian.org/debian-lts-announce/2023/09/msg00011.html https://access.redhat.com/security/cve/CVE-2022-23515 https://bugzilla.redhat.com/show_bug.cgi?id=2153262 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 10%CPEs: 8EXPL: 0CVE-2022-46341 – X.Org Server ProcXIPassiveUngrabDevice Improper Validation of Array Index Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-46341
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. Se encontró una vulnerabilidad en X.Org. Esta falla de seguridad se produce porque el controlador de la solicitud XIPassiveUngrab accede a la memoria fuera de los límites cuando se invoca con un código clave o un código de botón alto. • https://access.redhat.com/security/cve/CVE-2022-46341 https://bugzilla.redhat.com/show_bug.cgi?id=2151756 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA https://security.gentoo.org/glsa/202305-30 https://ww • CWE-787: Out-of-bounds Write •