EPSS
Percentile
32.7%
chartkick is vulnerable to CSS injection. A remote attacker is able to inject arbitrary CSS without attributes.
github.com/ankane/chartkick
github.com/ankane/chartkick/issues/546