Lucene search
RyotakH1:2125679HistoryAug 28, 2023 - 6:25 a.m.
Internet Bug Bounty: [CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements
2023-08-2806:25:02
ryotak
hackerone.com
45
internet bug bounty
dom based cross-site scripting
rails-ujs
contenteditable
html elements
cve-2023-23913
arbitrary execution of javascript
0 Low
EPSS
Percentile
0.0%
Summary
Original report: https://hackerone.com/reports/1767802
Impact
If the specified malicious HTML clipboard content is provided to a contenteditable element, this could result in the arbitrary execution of javascript on the origin in question.
Related
github
github
osv
osv
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
2023-06-09 22:41:16
rails - security update
2023-04-14 00:00:00
redhatcve
redhatcve
CVE-2023-23913
2023-03-27 18:13:07
openvas
openvas
openSUSE: Security Advisory for rubygem (SUSE-SU-2023:3813-1)
2024-03-04 00:00:00
Debian: Security Advisory (DSA-5389-1)
2023-04-17 00:00:00
cve
cve
CVE-2023-23913
2023-04-08 00:37:48
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionview-5_1 (SUSE-SU-2023:3813-1)
2023-09-28 00:00:00
Debian DSA-5389-1 : rails - security update
2023-04-15 00:00:00
debiancve
debiancve
CVE-2023-23913
2023-04-08 00:37:48
ubuntucve
ubuntucve
CVE-2023-23913
2023-03-22 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2023-04-02 13:20:04
gitlab
gitlab
rubygems
rubygems
debian
debian
[SECURITY] [DSA 5389-1] rails security update
2023-04-14 16:39:00