logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2020-5267

Description

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.


Affected Software


CPE Name Name Version
rubyonrails:actionview rubyonrails actionview 5.2.4.2
rubyonrails:actionview rubyonrails actionview 6.0.2.2
debian:debian_linux debian debian linux 8.0

Related