Lucene search

K
hackeroneRyotakH1:2125679
HistoryAug 28, 2023 - 6:25 a.m.

Internet Bug Bounty: [CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements

2023-08-2806:25:02
ryotak
hackerone.com
45
internet bug bounty
dom based cross-site scripting
rails-ujs
contenteditable
html elements
cve-2023-23913
arbitrary execution of javascript

0 Low

EPSS

Percentile

0.0%

Summary

Original report: https://hackerone.com/reports/1767802

Impact

If the specified malicious HTML clipboard content is provided to a contenteditable element, this could result in the arbitrary execution of javascript on the origin in question.