Description
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.
Remediation
References