112 matches found
Fedora: Security Advisory for rubygem-actionview (FEDORA-2020-4dd34860a3)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2020:2686-1 Security update for rubygem-actionview-4_2
This update for rubygem-actionview-42 fixes the following issues: - CVE-2020-15169: Fix cross-site scripting in translation helpers bsc1176421...
Cross-Site Scripting (XSS)
actionview is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the t and translate parameters,...
Cross-site Scripting (XSS)
Overview actionview is a simple, battle-tested conventions and helpers for building web pages. Affected versions of this package are vulnerable to Cross-site Scripting XSS. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS...
CVE-2020-15169
A flaw was found in rubygem-actionview in versions prior to 5.2.4.4 and 6.0.3.3. When an HTML-unsafe string is passed as the default for a missing translation key, the default string is incorrectly marked as HTML-safe and not escaped. Thie highest threat from this vulnerability is to data...
SUSE-SU-2020:2140-1 Security update for rubygem-actionview-4_2
This update for rubygem-actionview-42 fixes the following issues: - Fixed a potential remote code execution of user-provided local names bsc1173144, CVE-2020-8163...
GHSA-CR3X-7M39-C6JQ Remote code execution via user-provided local names in ActionView
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the locals argument of a render call to perform a RCE...
CVE-2020-8167
A flaw was found in rubygem-actionview. A regression of CVE-2015-1840 causes Rails-ujs to send CSRF tokens to wrong domains. The highest threat from this vulnerability is to data integrity...
Cross-site Request Forgery (CSRF)
Overview actionview is a simple, battle-tested conventions and helpers for building web pages. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF. An attacker might be able to set the href attribute of an anchor tag or the action attribute of a form tag that will...
Remote Code Execution
actionview is vulnerable to remote code execution. User-provided local names are not validated and sanitiized before being passed to a render call. An attacker would be able to execute arbitrary code if the locals argument can be controlled...
Remote Code Execution (RCE)
Overview actionview is a simple, battle-tested conventions and helpers for building web pages. Affected versions of this package are vulnerable to Remote Code Execution RCE. An attacker might be able to control the locals argument of a render call. Note: It doesn't affect applications that don't...
openSUSE: Security Advisory for rubygem-actionview-5_1 (openSUSE-SU-2020:0627-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : rubygem-actionview-5_1 (openSUSE-2020-627)
This update for rubygem-actionview-51 fixes the following issues : - CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers bsc1167240. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text a...
SUSE SLED15 / SLES15 Security Update : rubygem-actionview-5_1 (SUSE-SU-2020:1178-1)
This update for rubygem-actionview-51 fixes the following issues : CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers bsc1167240. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory...
Security update for rubygem-actionview-5_1 (moderate)
openSUSE Security Update: Security update for rubygem-actionview-51 Announcement ID: openSUSE-SU-2020:0627-1 Rating: moderate References: 1167240 Cross-References: CVE-2020-5267 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update...
OPENSUSE-SU-2020:0627-1 Security update for rubygem-actionview-5_1
This update for rubygem-actionview-51 fixes the following issues: - CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers bsc1167240. This update was imported from the SUSE:SLE-15:Update update project...
SUSE-SU-2020:1178-1 Security update for rubygem-actionview-5_1
This update for rubygem-actionview-51 fixes the following issues: - CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers bsc1167240...
CVE-2020-5267
A flaw was found in rubygem-actionview. Views that use the j or escapejavascript methods may be susceptible to XSS attacks with ActionView's JavaScript literal escape helpers. The highest threat from this vulnerability is to data confidentiality and integrity...
SUSE-SU-2020:0954-1 Security update for rubygem-actionview-4_2
This update for rubygem-actionview-42 fixes the following issues: - CVE-2020-5267: Fixed an XSS vulnerability in ActionView bsc1167240...
Cross-site Scripting (XSS)
actionview is vulnerable to cross-site scripting XSS. Inadequate sanitization and escaping of special characters such as dollar signs and backticks allows an attacker to inject and execute arbitrary Javascript in a user's browser via the j or javascriptescape helper...