
112 matches found

OpenVAS
added 2020/10/05 12:0 a.m., 20 views

Fedora: Security Advisory for rubygem-actionview (FEDORA-2020-4dd34860a3)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.1 AI score
Exploits: 0, References: 2
OSV
added 2020/09/21 8:54 a.m., 9 views

SUSE-SU-2020:2686-1 Security update for rubygem-actionview-4_2

This update for rubygem-actionview-42 fixes the following issues: - CVE-2020-15169: Fix cross-site scripting in translation helpers bsc1176421...

6.1 CVSS, 7.4 AI score, 0.02372 EPSS
Exploits: 0, References: 3
Veracode
added 2020/09/14 2:56 a.m., 22 views

Cross-Site Scripting (XSS)

actionview is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the t and translate parameters,...

6.1 CVSS, 6.5 AI score, 0.02372 EPSS
Exploits: 0, References: 5, Affected Software: 2
Snyk
added 2020/09/10 11:22 a.m., 1 views

Cross-site Scripting (XSS)

Overview: actionview is a simple, battle-tested conventions and helpers for building web pages. Affected versions of this package are vulnerable to Cross-site Scripting XSS. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS...

7.4 CVSS, 5.3 AI score, 0.02372 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2020/09/09 9:27 p.m., 33 views

CVE-2020-15169

A flaw was found in rubygem-actionview in versions prior to 5.2.4.4 and 6.0.3.3. When an HTML-unsafe string is passed as the default for a missing translation key, the default string is incorrectly marked as HTML-safe and not escaped. The highest threat from this vulnerability is to data...

6.1 CVSS, 3.7 AI score, 0.02372 EPSS
Exploits: 0, References: 4
OSV
added 2020/08/06 9:5 a.m., 9 views

SUSE-SU-2020:2140-1 Security update for rubygem-actionview-4_2

This update for rubygem-actionview-42 fixes the following issues: - Fixed a potential remote code execution of user-provided local names bsc1173144, CVE-2020-8163...

8.8 CVSS, 8.9 AI score, 0.83085 EPSS
Exploits: 10, References: 3
OSV
added 2020/07/07 4:34 p.m., 30 views

GHSA-CR3X-7M39-C6JQ Remote code execution via user-provided local names in ActionView

There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the locals argument of a render call to perform a RCE...

8.8 CVSS, 8.6 AI score, 0.83085 EPSS
Exploits: 10, References: 7
RedhatCVE
added 2020/06/02 5:53 p.m., 50 views

CVE-2020-8167

A flaw was found in rubygem-actionview. A regression of CVE-2015-1840 causes Rails-ujs to send CSRF tokens to wrong domains. The highest threat from this vulnerability is to data integrity...

5 CVSS, 7.7 AI score, 0.04397 EPSS
Exploits: 2, References: 4
Snyk
added 2020/05/19 7:56 a.m., 1 views

Cross-site Request Forgery (CSRF)

Overview: actionview is a simple, battle-tested conventions and helpers for building web pages. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF. An attacker might be able to set the href attribute of an anchor tag or the action attribute of a form tag that will...

7.5 CVSS, 6.9 AI score, 0.04397 EPSS
Exploits: 2, References: 2
Veracode
added 2020/05/18 6:48 a.m., 27 views

Remote Code Execution

actionview is vulnerable to remote code execution. User-provided local names are not validated and sanitized before being passed to a render call. An attacker would be able to execute arbitrary code if the locals argument can be controlled...

8.8 CVSS, 4.3 AI score, 0.83085 EPSS
Exploits: 10, References: 6, Affected Software: 2
Snyk
added 2020/05/17 1:5 p.m., 3 views

Remote Code Execution (RCE)

Overview: actionview is a simple, battle-tested conventions and helpers for building web pages. Affected versions of this package are vulnerable to Remote Code Execution RCE. An attacker might be able to control the locals argument of a render call. Note: It doesn't affect applications that don't...

9.8 CVSS, 8 AI score, 0.83085 EPSS
Exploits: 10, References: 2
OpenVAS
added 2020/05/12 12:0 a.m., 25 views

openSUSE: Security Advisory for rubygem-actionview-5_1 (openSUSE-SU-2020:0627-1)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

4.8 CVSS, 6.2 AI score, 0.01543 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2020/05/11 12:0 a.m., 36 views

openSUSE Security Update : rubygem-actionview-5_1 (openSUSE-2020-627)

This update for rubygem-actionview-51 fixes the following issues : - CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers bsc1167240. This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security, Inc. The descriptive text a...

4.8 CVSS, 6.2 AI score, 0.01543 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2020/05/11 12:0 a.m., 39 views

SUSE SLED15 / SLES15 Security Update : rubygem-actionview-5_1 (SUSE-SU-2020:1178-1)

This update for rubygem-actionview-51 fixes the following issues : CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers bsc1167240. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory...

4.8 CVSS, 6.3 AI score, 0.01543 EPSS
Exploits: 1, References: 4
OPENSUSE Linux
added 2020/05/11 12:0 a.m., 73 views

Security update for rubygem-actionview-5_1 (moderate)

openSUSE Security Update: Security update for rubygem-actionview-51 Announcement ID: openSUSE-SU-2020:0627-1 Rating: moderate References: 1167240 Cross-References: CVE-2020-5267 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update...

4.8 CVSS, 6.7 AI score, 0.01543 EPSS
Exploits: 1, References: 1
OSV
added 2020/05/08 12:18 p.m., 3 views

OPENSUSE-SU-2020:0627-1 Security update for rubygem-actionview-5_1

This update for rubygem-actionview-51 fixes the following issues: - CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers bsc1167240. This update was imported from the SUSE:SLE-15:Update update project...

4.8 CVSS, 5.9 AI score, 0.01543 EPSS
Exploits: 1, References: 3
OSV
added 2020/05/05 8:27 a.m., 4 views

SUSE-SU-2020:1178-1 Security update for rubygem-actionview-5_1

This update for rubygem-actionview-51 fixes the following issues: - CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers bsc1167240...

4.8 CVSS, 6 AI score, 0.01543 EPSS
Exploits: 1, References: 3
RedhatCVE
added 2020/05/05 7:39 a.m., 26 views

CVE-2020-5267

A flaw was found in rubygem-actionview. Views that use the j or escape_javascript methods may be susceptible to XSS attacks with ActionView's JavaScript literal escape helpers. The highest threat from this vulnerability is to data confidentiality and integrity...

4.8 CVSS, 2.8 AI score, 0.01543 EPSS
Exploits: 1, References: 4
OSV
added 2020/04/08 10:26 a.m., 4 views

SUSE-SU-2020:0954-1 Security update for rubygem-actionview-4_2

This update for rubygem-actionview-42 fixes the following issues: - CVE-2020-5267: Fixed an XSS vulnerability in ActionView bsc1167240...

4.8 CVSS, 6 AI score, 0.01543 EPSS
Exploits: 1, References: 3
Veracode
added 2020/03/20 5:35 a.m., 26 views

Cross-site Scripting (XSS)

actionview is vulnerable to cross-site scripting XSS. Inadequate sanitization and escaping of special characters such as dollar signs and backticks allows an attacker to inject and execute arbitrary Javascript in a user's browser via the j or javascriptescape helper...

4.8 CVSS, 5.3 AI score, 0.01543 EPSS
Exploits: 1, References: 8, Affected Software: 243