217 matches found
SUSE CVE-2016-2097
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. dot dot in a pathname. NOTE: this vulnerability exists...
SUSE CVE-2016-6316
Cross-site scripting XSS vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers...
SUSE CVE-2019-5418
There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...
SUSE CVE-2019-5419
There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...
SUSE CVE-2020-5267
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escapejavascript methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2...
SUSE CVE-2020-15169
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an...
SUSE CVE-2022-27777
A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...
CVE-2022-23520 rails-html-sanitizer contains an incomplete fix for an XSS vulnerability
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to...
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Summary There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. - Versions affected: ALL - Not affected: NONE - Fixed versions: 1.4.4 Impact A possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject...
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Summary There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This is due to an incomplete fix of CVE-2022-32209. - Versions affected: ALL - Not affected: NONE - Fixed versions: 1.4.4 Impact A possible XSS vulnerability with certain configurations of...
Debian dla-3227 : ruby-rails-html-sanitizer - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3227 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3227-1 [email protected] https://www.debian.org/lts/security/...
Design/Logic Flaw
Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3 ImpactA possible XS...
CVE-2022-27777
A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...
DEBIAN-CVE-2022-27777
A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...
CVE-2022-27777
A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...
CVE-2022-27777
A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...
CVE-2022-27777
A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...
Cross site scripting
A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...
UBUNTU-CVE-2022-27777
A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...
Action View tag helpers 跨站脚本漏洞
Action View tag helpers is an open source, free, easy-to-use, Jira-like issue requirement tracking tool for small and medium-sized businesses from Action View. A security vulnerability exists in Action View tag helpers version 5.2.0 and later versions. An attacker can exploit the vulnerability to...