[CVE-2024-32464] ActionText ContentAttachment’s can Contain Unsanitized HTML

Medium

Internet Bug Bounty

Submitted None

Team Summary

Official summary from Internet Bug Bounty

[CVE-2024-32464] ActionText ContentAttachment’s can Contain Unsanitized HTML Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: >= 7.1.0 Not affected: < 7.1.0 Fixed Versions: 7.1.3.4 Impact This could lead to a potential cross site scripting issue within the Trix editor. Credits Thank you ooooooo_q for reporting this! Full Security Advisory: https://discuss.rubyonrails.org/t/cve-2024-32464-actiontext-contentattachments-can-contain-unsanitized-html/85949

Actions:

View on HackerOne

Reported by ooooooo_q

Vulnerability Details

Technical details and impact analysis

Cross-site Scripting (XSS) - Stored

I made a report at https://hackerone.com/reports/2389565. https://discuss.rubyonrails.org/t/cve-2024-32464-actiontext-contentattachments-can-contain-unsanitized-html/85949 > Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. > This has been assigned the CVE identifier CVE-2024-32464. > Versions Affected: >= 7.1.0 Not affected: < 7.1.0 Fixed Versions: 7.1.3.4 ## Impact > This could lead to a potential cross site scripting issue within the Trix editor.

Related CVEs

Associated Common Vulnerabilities and Exposures

CVE-2024-32464 MEDIUM

Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2.

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Bounty

$2600.00

Submitted

Weakness

Cross-site Scripting (XSS) - Stored