CVE-2020-15169 XSS in Action View

Published: 2020-09-11 15:50:12
CWE-79
Source: GitHub_M (CNA), via www.cve.org

CVSS 3.1 base score: 5.4 (Medium)

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

AI Score: 6 (Medium), Confidence: High
EPSS: 0.023 (Low), Percentile: 89.7%

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that let a user control the default (not-found) value of the t and translate helpers may be susceptible to XSS. For translation keys named html or ending in _html the helpers mark the lookup result as HTML-safe; when such a key is missing and an HTML-unsafe string is passed as its default, that default becomes the result and is therefore incorrectly marked HTML-safe and rendered without escaping. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory.
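The following is an added example, not code from Rails or from the advisory. It models the described behaviour with a few dozen lines of plain Ruby so it runs without Rails: SafeString stands in for ActiveSupport::SafeBuffer, TRANSLATIONS stands in for the locale files, translate_vulnerable models the pre-fix helper (the default is passed through the lookup and the result is marked safe for html-ish keys), translate_fixed models the patched helper (a missing html-ish key returns the default as a plain String), and render models what <%= %> does in an ERB view. All of these names, the sample translation and the :missing_html key are assumptions made for the example.

```ruby
require "erb"

# Stand-in for ActiveSupport::SafeBuffer: a String the renderer treats as
# already-escaped HTML. Constructed for this example, not Rails code.
class SafeString < String; end

# Constructed translation table standing in for config/locales/*.yml.
TRANSLATIONS = {
  "greeting_html" => "Hello, <b>%{name}</b>!",
}.freeze

MISSING_TRANSLATION = Object.new.freeze

# Keys named "html" or ending in "_html" get the html-safe treatment, per the advisory.
def html_safe_key?(key)
  key = key.to_s
  key == "html" || key.end_with?("_html")
end

# Replaces %{name} placeholders; unknown names are left in place.
def interpolate(template, values)
  template.gsub(/%\{(\w+)\}/) do
    name = Regexp.last_match(1)
    values.fetch(name.to_sym) { "%{#{name}}" }
  end
end

# Models the pre-fix behaviour: the default is handed to the lookup as a fallback
# and, for an html-ish key, whatever comes back (translation OR default) is marked safe.
def translate_vulnerable(key, default: nil, **interpolations)
  found = TRANSLATIONS.fetch(key.to_s, default)
  return nil if found.nil?
  if html_safe_key?(key)
    escaped = interpolations.transform_values { |v| ERB::Util.html_escape(v.to_s) }
    # Interpolated values are escaped, but a user-supplied default is marked safe
    # without ever being escaped: this is the XSS.
    SafeString.new(interpolate(found, escaped))
  else
    interpolate(found, interpolations)
  end
end

# Models the patched behaviour: for an html-ish key, a missing translation returns the
# caller's default as a plain String, so the renderer escapes it like any other value.
def translate_fixed(key, default: nil, **interpolations)
  if html_safe_key?(key)
    found = TRANSLATIONS.fetch(key.to_s, MISSING_TRANSLATION)
    return default if found.equal?(MISSING_TRANSLATION)
    escaped = interpolations.transform_values { |v| ERB::Util.html_escape(v.to_s) }
    SafeString.new(interpolate(found, escaped))
  else
    found = TRANSLATIONS.fetch(key.to_s, default)
    found.nil? ? nil : interpolate(found, interpolations)
  end
end

# Models <%= %> in an ERB view: safe strings are emitted verbatim, anything else is escaped.
def render(value)
  value.is_a?(SafeString) ? value.to_s : ERB::Util.html_escape(value.to_s)
end

# Attacker-controlled default (think: taken from a query parameter) for a key that
# has no translation, plus a present key to show the html-ish path still escapes
# interpolations in both versions.
def demo(payload = "<script>alert(1)</script>")
  {
    vulnerable: render(translate_vulnerable(:missing_html, default: payload)),
    fixed:      render(translate_fixed(:missing_html, default: payload)),
    present:    render(translate_fixed(:greeting_html, name: "<i>Eve</i>")),
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |label, html| puts "#{label}: #{html}" }
end
```

Running the script prints the raw script tag for the vulnerable path and the entity-escaped form for the fixed path, while the present key renders its markup with the interpolated name escaped. When auditing an application that cannot upgrade yet, the thing to look for is any call to t or translate whose key is html or ends in _html and whose :default is derived from request data (params, headers, cookies) rather than a literal.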

CNA Affected

[
  {
    "product": "actionview",
    "vendor": "rails",
    "versions": [
      {
        "status": "affected",
        "version": "< 5.2.4.4"
      },
      {
        "status": "affected",
        "version": ">= 6.0.0.0, < 6.0.3.3"
      }
    ]
  }
]
