Lucene search
+L

217 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:6 a.m.8 views

SUSE CVE-2016-2097

Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. dot dot in a pathname. NOTE: this vulnerability exists...

5.3CVSS6.3AI score0.04423EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:59 a.m.8 views

SUSE CVE-2016-6316

Cross-site scripting XSS vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers...

6.1CVSS6.1AI score0.03438EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.5 views

SUSE CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...

5.9CVSS7AI score0.98507EPSS
Exploits18References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.6 views

SUSE CVE-2019-5419

There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...

5.9CVSS6.8AI score0.08671EPSS
Exploits3References15
SUSE CVE
SUSE CVE
added 2023/02/15 4:3 a.m.6 views

SUSE CVE-2020-5267

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escapejavascript methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2...

4.8CVSS6.2AI score0.01543EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2023/02/15 3:57 a.m.3 views

SUSE CVE-2020-15169

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an...

7.4CVSS5.2AI score0.02372EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.4 views

SUSE CVE-2022-27777

A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...

6.5CVSS6.3AI score0.01485EPSS
Exploits1References6
OSV
OSV
added 2022/12/14 5:7 p.m.35 views

CVE-2022-23520 rails-html-sanitizer contains an incomplete fix for an XSS vulnerability

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to...

6.1CVSS6.1AI score0.0111EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/12/13 5:50 p.m.53 views

Possible XSS vulnerability with certain configurations of rails-html-sanitizer

Summary There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. - Versions affected: ALL - Not affected: NONE - Fixed versions: 1.4.4 Impact A possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject...

7.2CVSS6.5AI score0.00988EPSS
Exploits1References7Affected Software1
RubySec
RubySec
added 2022/12/13 12:0 a.m.35 views

Possible XSS vulnerability with certain configurations of rails-html-sanitizer

Summary There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This is due to an incomplete fix of CVE-2022-32209. - Versions affected: ALL - Not affected: NONE - Fixed versions: 1.4.4 Impact A possible XSS vulnerability with certain configurations of...

6.1CVSS1.3AI score0.29316EPSS
Exploits2References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/12/07 12:0 a.m.34 views

Debian dla-3227 : ruby-rails-html-sanitizer - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3227 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3227-1 [email protected] https://www.debian.org/lts/security/...

6.1CVSS6.2AI score0.29316EPSS
Exploits1References4
Prion
Prion
added 2022/06/24 3:15 p.m.25 views

Design/Logic Flaw

Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3 ImpactA possible XS...

4.3CVSS6.1AI score0.29316EPSS
Exploits1References4Affected Software3
ATTACKERKB
ATTACKERKB
added 2022/05/26 5:15 p.m.5 views

CVE-2022-27777

A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...

6.1CVSS5.9AI score0.01485EPSS
Exploits1References4
OSV
OSV
added 2022/05/26 5:15 p.m.2 views

DEBIAN-CVE-2022-27777

A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...

6.1CVSS6AI score0.01485EPSS
Exploits1References1
OSV
OSV
added 2022/05/26 5:15 p.m.8 views

CVE-2022-27777

A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...

6.1CVSS6.4AI score0.01485EPSS
Exploits1References3
NVD
NVD
added 2022/05/26 5:15 p.m.24 views

CVE-2022-27777

A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...

6.1CVSS0.01485EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2022/05/26 5:15 p.m.39 views

CVE-2022-27777

A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...

6.1CVSS6.6AI score0.01485EPSS
Exploits1References2
Prion
Prion
added 2022/05/26 5:15 p.m.30 views

Cross site scripting

A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...

4.3CVSS5.8AI score0.01485EPSS
Exploits1References3Affected Software2
OSV
OSV
added 2022/05/26 5:15 p.m.6 views

UBUNTU-CVE-2022-27777

A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...

6.1CVSS6.6AI score0.01485EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/05/26 12:0 a.m.6 views

Action View tag helpers 跨站脚本漏洞

Action View tag helpers is an open source, free, easy-to-use, Jira-like issue requirement tracking tool for small and medium-sized businesses from Action View. A security vulnerability exists in Action View tag helpers version 5.2.0 and later versions. An attacker can exploit the vulnerability to...

6.1CVSS7.2AI score0.01485EPSS
Exploits1References7
Rows per page
Query Builder