217 matches found
CVE-2022-27777
A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...
CVE-2022-27777
A XSS Vulnerability in Action View tag helpers = 5.2.0 and 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes...
CVE-2022-27777
CVE-2022-27777 : Rails contains an XSS vulnerability in Action View tag helpers that could allow an attacker to inject content when they can control input in specific attributes. The issue is confirmed across multiple sources (Rails ecosystem advisories and debian/security notes) and is tied to t...
FreeBSD : Rails -- XSS vulnerabilities (9db93f3d-c725-11ec-9618-000d3ac47524)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9db93f3d-c725-11ec-9618-000d3ac47524 advisory. - A XSS Vulnerability in Action View tag helpers = 5.2.0 and = 5.2.0 and 5.2.0 that could allo...
Cross-site Scripting (XSS)
rails is vulnerable to Cross-site Scripting XSS. The library does not properly escape input data passed as hash keys for tag attributes in Action View tag helpers, allowing an attacker to inject and execute malicious javascript...
GHSA-CH3H-J2VF-95PV XSS Vulnerability in Action View tag helpers
There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash keys can lead to a possible XSS vulnerability. This vulnerability has been assigned the CVE identifier CVE-2022-27777. Versions Affected: ALL Not affected: NONE Fixed Versions: 7.0.2.4, 6.1.5.1,...
XSS Vulnerability in Action View tag helpers
There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash keys can lead to a possible XSS vulnerability. This vulnerability has been assigned the CVE identifier CVE-2022-27777. Versions Affected: ALL Not affected: NONE Fixed Versions: 7.0.2.4, 6.1.5.1,...
PT-2022-3569 · Unknown +4 · Action View +4
Name of the Vulnerable Software and Affected Versions: Action View tag helpers versions prior to 5.2.7.1 Action View tag helpers versions prior to 6.0.4.8 Action View tag helpers versions prior to 6.1.5.1 Action View tag helpers versions prior to 7.0.2.4 Description: A XSS vulnerability exists in...
Possible XSS Vulnerability in Action View tag helpers
There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash keys can lead to a possible XSS vulnerability. This vulnerability has been assigned the CVE identifier CVE-2022-27777. Versions Affected: ALL Not affected: NONE Fixed Versions: 7.0.2.4, 6.1.5.1,...
Ruby on Rails Directory Traversal Vulnerability
Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files...
The vulnerability of the `escape_javascript` function in the `javascript_helper.rb` component of the ActionView programming platform for Ruby on Rails allows attackers to compromise data integrity.
The vulnerability of the escapejavascript function in the javascripthelper.rb component of the ActionView programming platform for the Ruby on Rails framework is related to deficiencies in the security measures used to protect web page structures. Exploiting this vulnerability could allow an...
Security Bulletin: A security vulnerability in Rails Action View affects the IBM Cloud Pak for Multicloud Management Infrastructure Management
Summary A security vulnerability in Rails Action View affects the IBM Cloud Pak for Multicloud Management Infrastructure Management . Vulnerability Details CVEID: CVE-2020-15169 DESCRIPTION: Rails Action View is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
FreeBSD : Rails -- Potential XSS vulnerability (7b630362-f468-11ea-a96c-08002728f74c)
Ruby on Rails blog : Rails 5.2.4.4 and 6.0.3.3 have been released! These releases contain an important security fix, so please upgrade when you can. Both releases contain the following fix: CVE-2020-15169 Potential XSS vulnerability in Action View C Tenable Network Security, Inc. The descriptive...
CVE-2020-15169
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an...
DEBIAN-CVE-2020-15169
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an...
CVE-2020-15169
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an...
Cross site scripting
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an...
UBUNTU-CVE-2020-15169
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an...
CVE-2020-15169 XSS in Action View
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting XSS vulnerability in Action View's translation helpers. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS attacks. When an...
CVE-2020-15169
CVE-2020-15169 affects Rails Action View translation helpers. Vulnerability arises when user-controlled default for a missing translation key named html or ending in _html is treated as HTML-safe, allowing XSS. Affected are Action View versions prior to 5.2.4.4 and 6.0.3.3; patch versions 5.2.4.4...