Lucene search
GoogleOSV:GHSA-9CHR-4FJH-5RGWHistoryOct 27, 2022 - 12:00 p.m.
Cross-site Scripting in actionpack
2022-10-2712:00:27
Google
osv.dev
10
0.001 Low
EPSS
Percentile
21.8%
actionpack from the Ruby on Rails project is vulnerable to Cross-site Scripting in the Route Error Page. This issue has been patched with this commit.
This vulnerability is disputed by the Rails security team. It requires that the developer is tricked into copy pasting a malicious javascript-containing string into a development-only error page accessible only via localhost.
| CPE | Name | Operator | Version |
|---|---|---|---|
| actionpack | eq | 0.9.0 | |
| actionpack | eq | 0.9.5 | |
| actionpack | eq | 1.0.0 | |
| actionpack | eq | 1.0.1 | |
| actionpack | eq | 1.1.0 | |
| actionpack | eq | 1.10.1 | |
| actionpack | eq | 1.10.2 | |
| actionpack | eq | 1.11.0 | |
| actionpack | eq | 1.11.1 | |
| actionpack | eq | 1.11.2 |
Related
veracode
veracode
Cross-site Scripting (XSS)
2022-10-27 03:29:45
prion
prion
Cross site scripting
2022-10-26 20:15:00
osv
osv
BIT-rails-2022-3704
2024-01-31 15:23:07
debiancve
debiancve
CVE-2022-3704
2022-10-26 20:15:10
cvelist
cvelist
CVE-2022-3704 Ruby on Rails _table.html.erb cross site scripting
2022-10-26 00:00:00
nvd
nvd
CVE-2022-3704
2022-10-26 20:15:10
github
github
Cross-site Scripting in actionpack
2022-10-27 12:00:27
ubuntucve
ubuntucve
CVE-2022-3704
2022-10-26 00:00:00
redhatcve
redhatcve
CVE-2022-3704
2022-10-31 19:25:56
cve
cve
CVE-2022-3704
2022-10-26 20:15:10