6.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-23518

GHSA ID

GHSA-mcvf-2q2m-x72m

EPSS Score

0.44197%

CWE

CWE-79

Published

12/13/2022

Updated

9/14/2023

KEV Status

Technology

Ruby

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-23518

CVE-2022-23518: Improper neutralization of data URIs may allow XSS in rails-html-sanitizer

Summary

rails-html-sanitizer >= 1.0.3, < 1.4.4 is vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0.

Mitigation

Upgrade to rails-html-sanitizer >= 1.4.4.

Severity

The maintainers have evaluated this as Medium Severity 6.1.

References

CWE - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.9)
SVG MIME Type (image/svg+xml) is misleading to developers · Issue #266 · w3c/svgwg
https://github.com/rails/rails-html-sanitizer/issues/135
https://hackerone.com/reports/1694173

Credit

This vulnerability was independently reported by Maciej Piechota (@haqpl) and Mrinmoy Das (@goromlagche).

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-23518

CVE-2022-23518:

6.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-23518

GHSA ID

GHSA-mcvf-2q2m-x72m

EPSS Score

0.44197%

CWE

CWE-79

Published

12/13/2022

Updated

9/14/2023

KEV Status

Technology

Ruby

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
rails-html-sanitizer	rubygems	>= 1.0.3, < 1.4.4	1.4.4

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from missing data URI validation in rails-html-sanitizer's attribute scrubbing logic. The GitHub issue #135 specifically shows the PermitScrubber's scrub_attribute() method (lines 142-154 in scrubbers.rb) lacks the safe data URI checks present in Loofah's implementation. This allows XSS via crafted data:text/html and data:application/vnd.wap.xhtml+xml URIs. The test case demonstrates the sanitizer fails to remove dangerous data URIs in iframe src attributes when allowed tags/attributes are permitted.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-23518: Improper neutralization of data URIs may allow XSS in rails-html-sanitizer

Summary

Mitigation

Severity

References

Credit

CVE-2022-23518:

6.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2022-23518: Improper neutralization of data URIs may allow XSS in rails-html-sanitizer

Summary

Mitigation

Severity

References

Credit

6.1

6.1

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI