Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb
in the strip_tags
helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.
{ "nvd_published_at": "2012-08-10T10:34:47Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:22:45Z" }