
Cross-site Scripting

Description

Action View's translation helpers contain a potential Cross-Site Scripting (XSS) vulnerability. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named `html` or ending in `_html`, the default string is incorrectly marked as HTML-safe and not escaped.
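To find call sites that match this description, the following added example (not part of the advisory and not Rails code) scans template source for `t`/`translate` calls whose key is `html` or ends in `_html` and whose `default:` is neither a static string literal nor wrapped in `h`/`html_escape`. It is a line-based heuristic; the function names, the sample view and its variable names are constructed for illustration.

```ruby
# Added audit sketch (assumption: one helper call per line, ERB-style views).
# Receiver-qualified calls such as I18n.t are skipped; the description above
# concerns the Action View helpers `t` and `translate`.
HELPER_CALL = /(?<![\w.])(?:t|translate)[ (]\s*(?:["']([^"']+)["']|:(\w+))\s*,.*?\bdefault:\s*(.+)/
STATIC_LITERAL = /\A(["'])[^"'#]*\1/   # quoted string without interpolation
ESCAPED = /\A(?:h|html_escape|ERB::Util\.html_escape)\s*\(/

# True when the last segment of the key is `html` or ends in `_html`.
def html_key?(key)
  last = key.split(".").last.to_s
  last == "html" || last.end_with?("_html")
end

# Returns [line_number, key, default_expression] for each suspicious call.
def risky_translate_calls(source)
  source.each_line.with_index(1).filter_map do |line, number|
    match = HELPER_CALL.match(line)
    next unless match
    key = match[1] || match[2]
    default = match[3].strip
    next unless html_key?(key)
    next if default.match?(STATIC_LITERAL) || default.match?(ESCAPED)
    # Trim the closing paren and ERB tag so only the expression is reported.
    [number, key, default.sub(/\s*\)?\s*-?%>.*\z/, "")]
  end
end

# Constructed sample template, not taken from any real application.
SAMPLE_VIEW = <<~'VIEW'
  <h1><%= t("welcome_html", default: params[:greeting]) %></h1>
  <p><%= t("intro_html", default: "Hello") %></p>
  <p><%= t("tagline", default: params[:tagline]) %></p>
  <p><%= translate ".html", default: @profile.bio %></p>
  <p><%= t(:note_html, default: h(params[:note])) %></p>
  <p><%= t("footer_html") %></p>
VIEW

if __FILE__ == $PROGRAM_NAME
  risky_translate_calls(SAMPLE_VIEW).each do |number, key, default|
    puts "line #{number}: key #{key.inspect} takes default #{default}"
  end
end
```

Each reported line needs manual review: the scan cannot tell whether the default expression is actually user-controlled.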


Affected Software


CPE Name Name Version
gem/actionview 5.2.4.4
gem/actionview 6.0.0.0
gem/actionview 6.0.3.3
