Lucene search
+L

217 matches found

Cvelist
Cvelist
added 2022/05/26 12:0 a.m.42 views

CVE-2022-27777

A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...

6.2AI score0.01485EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2022/05/26 12:0 a.m.47 views

CVE-2022-27777

A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...

6.1CVSS5.8AI score0.01485EPSS
Exploits1
CVE
CVE
added 2022/05/26 12:0 a.m.215 views

CVE-2022-27777

CVE-2022-27777 : Rails contains an XSS vulnerability in Action View tag helpers that could allow an attacker to inject content when they can control input in specific attributes. The issue is confirmed across multiple sources (Rails ecosystem advisories and debian/security notes) and is tied to t...

6.1CVSS5.8AI score0.01485EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/04/30 12:0 a.m.29 views

FreeBSD : Rails -- XSS vulnerabilities (9db93f3d-c725-11ec-9618-000d3ac47524)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9db93f3d-c725-11ec-9618-000d3ac47524 advisory. - A XSS Vulnerability in Action View tag helpers = 5.2.0 and = 5.2.0 and 5.2.0 that could allo...

6.1CVSS7.3AI score0.01594EPSS
Exploits1References4
Veracode
Veracode
added 2022/04/28 11:3 a.m.90 views

Cross-site Scripting (XSS)

rails is vulnerable to Cross-site Scripting XSS. The library does not properly escape input data passed as hash keys for tag attributes in Action View tag helpers, allowing an attacker to inject and execute malicious javascript...

6.1CVSS6.2AI score0.01485EPSS
Exploits1References11Affected Software2
OSV
OSV
added 2022/04/27 10:32 p.m.37 views

GHSA-CH3H-J2VF-95PV XSS Vulnerability in Action View tag helpers

There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash keys can lead to a possible XSS vulnerability. This vulnerability has been assigned the CVE identifier CVE-2022-27777. Versions Affected: ALL Not affected: NONE Fixed Versions: 7.0.2.4, 6.1.5.1,...

6.1CVSS6.2AI score0.01485EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2022/04/27 10:32 p.m.36 views

XSS Vulnerability in Action View tag helpers

There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash keys can lead to a possible XSS vulnerability. This vulnerability has been assigned the CVE identifier CVE-2022-27777. Versions Affected: ALL Not affected: NONE Fixed Versions: 7.0.2.4, 6.1.5.1,...

6.1CVSS6.4AI score0.01485EPSS
Exploits1References9Affected Software1
Positive Technologies
Positive Technologies
added 2022/04/27 12:0 a.m.10 views

PT-2022-3569 · Unknown +4 · Action View +4

Name of the Vulnerable Software and Affected Versions: Action View tag helpers versions prior to 5.2.7.1 Action View tag helpers versions prior to 6.0.4.8 Action View tag helpers versions prior to 6.1.5.1 Action View tag helpers versions prior to 7.0.2.4 Description: A XSS vulnerability exists in...

9.8CVSS6.4AI score0.99931EPSS
Exploits65References437
RubySec
RubySec
added 2022/04/26 12:0 a.m.29 views

Possible XSS Vulnerability in Action View tag helpers

There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash keys can lead to a possible XSS vulnerability. This vulnerability has been assigned the CVE identifier CVE-2022-27777. Versions Affected: ALL Not affected: NONE Fixed Versions: 7.0.2.4, 6.1.5.1,...

6.1CVSS3.2AI score0.01485EPSS
Exploits1References1Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2022/03/25 12:0 a.m.76 views

Ruby on Rails Directory Traversal Vulnerability

Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files...

7.5CVSS5AI score0.95537EPSS
In wildExploits11
BDU FSTEC
BDU FSTEC
added 2021/03/15 12:0 a.m.9 views

The vulnerability of the `escape_javascript` function in the `javascript_helper.rb` component of the ActionView programming platform for Ruby on Rails allows attackers to compromise data integrity.

The vulnerability of the escapejavascript function in the javascripthelper.rb component of the ActionView programming platform for the Ruby on Rails framework is related to deficiencies in the security measures used to protect web page structures. Exploiting this vulnerability could allow an...

4.8CVSS6.5AI score0.01543EPSS
Exploits1References9Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/14 6:39 p.m.29 views

Security Bulletin: A security vulnerability in Rails Action View affects the IBM Cloud Pak for Multicloud Management Infrastructure Management

Summary A security vulnerability in Rails Action View affects the IBM Cloud Pak for Multicloud Management Infrastructure Management . Vulnerability Details CVEID: CVE-2020-15169 DESCRIPTION: Rails Action View is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

6.1CVSS1.2AI score0.02372EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/09/14 12:0 a.m.32 views

FreeBSD : Rails -- Potential XSS vulnerability (7b630362-f468-11ea-a96c-08002728f74c)

Ruby on Rails blog : Rails 5.2.4.4 and 6.0.3.3 have been released! These releases contain an important security fix, so please upgrade when you can. Both releases contain the following fix: CVE-2020-15169 Potential XSS vulnerability in Action View C Tenable Network Security, Inc. The descriptive...

6.1CVSS7.4AI score0.02372EPSS
Exploits0References6
NVD
NVD
added 2020/09/11 4:15 p.m.23 views

CVE-2020-15169

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an...

6.1CVSS0.02372EPSS
Exploits0References4
OSV
OSV
added 2020/09/11 4:15 p.m.2 views

DEBIAN-CVE-2020-15169

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an...

6.1CVSS6.6AI score0.02372EPSS
Exploits0References1
OSV
OSV
added 2020/09/11 4:15 p.m.41 views

CVE-2020-15169

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an...

6.1CVSS5.8AI score
Exploits0References4
Prion
Prion
added 2020/09/11 4:15 p.m.26 views

Cross site scripting

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an...

4.3CVSS5.7AI score0.02372EPSS
Exploits0References4Affected Software3
OSV
OSV
added 2020/09/11 4:15 p.m.4 views

UBUNTU-CVE-2020-15169

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an...

6.1CVSS6.8AI score0.02372EPSS
Exploits0References5
Cvelist
Cvelist
added 2020/09/11 3:50 p.m.46 views

CVE-2020-15169 XSS in Action View

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an...

5.4CVSS6AI score0.02372EPSS
Exploits0References4
CVE
CVE
added 2020/09/11 3:50 p.m.223 views

CVE-2020-15169

CVE-2020-15169 affects Rails Action View translation helpers. Vulnerability arises when user-controlled default for a missing translation key named html or ending in _html is treated as HTML-safe, allowing XSS. Affected are Action View versions prior to 5.2.4.4 and 6.0.3.3; patch versions 5.2.4.4...

6.1CVSS5.7AI score0.02372EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder