Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gitlabHttps://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-7A06F2157FB656304979C2BC3EF54528
HistoryDec 06, 2013 - 12:00 a.m.

XSS Vulnerability in simple_format helper

2013-12-0600:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
14

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.6%

JSON

The simple_format helper converts user supplied text into html text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped correctly. As a result of this error, applications which pass user-controlled data to be included as html attributes will be vulnerable to an XSS attack.

CPENameOperatorVersion
gem/actionpackge4.0.0
gem/actionpacklt4.0.2

Related

github 1
osv 1
prion 1
ubuntucve 1
cve 1
debiancve 1
nessus 2
freebsd 1
openvas 6
fedora 4
github
github
actionpack Cross-site Scripting vulnerability
2017-10-24 18:33:36
osv
osv
actionpack Cross-site Scripting vulnerability
2017-10-24 18:33:36
prion
prion
Cross site scripting
2013-12-07 00:55:00
ubuntucve
ubuntucve
CVE-2013-6416
2013-12-07 00:00:00
cve
cve
CVE-2013-6416
2013-12-07 00:55:00
debiancve
debiancve
CVE-2013-6416
2013-12-07 00:55:00
nessus
nessus
FreeBSD : rails -- multiple vulnerabilities (6a806960-3016-44ed-8575-8614a7cb57c7)
2013-12-09 00:00:00
Fedora 20 : rubygem-actionpack-4.0.0-2.fc20 (2013-23636)
2014-03-07 00:00:00
freebsd
freebsd
rails -- multiple vulnerabilities
2013-12-03 00:00:00
openvas
openvas
Fedora Update for rubygem-actionpack FEDORA-2013-23636
2014-03-12 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2013-23636
2014-03-12 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2014-3169
2014-03-12 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: rubygem-actionpack-4.0.0-4.fc20
2014-05-23 18:56:34
[SECURITY] Fedora 20 Update: rubygem-actionpack-4.0.0-2.fc20
2014-03-07 06:36:05
[SECURITY] Fedora 20 Update: rubygem-actionpack-4.0.0-3.fc20
2014-03-11 04:00:14

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.6%

JSON
Related for GITLAB-7A06F2157FB656304979C2BC3EF54528
github1osv1prion1ubuntucve1cve1debiancve1nessus2freebsd1openvas6fedora4