112 matches found

CNVD
added 2020/03/20 12:0 a.m. | 2 views

ActionView Cross-Site Scripting Vulnerability

ActionView is an open source issue and requirements tracking tool. The product supports permission configuration, statistical reports, document sharing, work logs, and other functions. A cross-site scripting vulnerability exists in the JavaScript text escape helper in ActionView versions...

CVSS 4.8 | AI score 7.9 | EPSS 0.01543
Exploits: 1

Tenable Nessus
added 2020/03/20 12:0 a.m. | 36 views

Debian DLA-2149-1 : rails security update

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escape_javascript methods may be susceptible to XSS attacks. For Debian 8 'Jessie', this problem has been fixed in version...

CVSS 4.8 | AI score 6.2 | EPSS 0.01543
Exploits: 1 | References: 3

OSV
added 2020/03/19 6:15 p.m. | 19 views

CVE-2020-5267

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escape_javascript methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2...

CVSS 4.8 | AI score 4.6
Exploits: 0 | References: 6

NVD
added 2020/03/19 6:15 p.m. | 17 views

CVE-2020-5267

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escape_javascript methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2...

CVSS 4.8 | AI score 4.3 | EPSS 0.01543
Exploits: 1 | References: 6

OSV
added 2020/03/19 6:15 p.m. | 2 views

DEBIAN-CVE-2020-5267

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escape_javascript methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2...

CVSS 4.8 | AI score 6.1 | EPSS 0.01543
Exploits: 1 | References: 1

Prion
added 2020/03/19 6:15 p.m. | 17 views

Cross site scripting

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escape_javascript methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2...

CVSS 3.5 | AI score 4.8 | EPSS 0.01543
Exploits: 1 | References: 6 | Affected Software: 4

OSV
added 2020/03/19 6:15 p.m. | 1 view

UBUNTU-CVE-2020-5267

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escape_javascript methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2...

CVSS 4.8 | AI score 6.6 | EPSS 0.01543
Exploits: 1 | References: 7

UbuntuCve
added 2020/03/19 6:15 p.m. | 21 views

CVE-2020-5267

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escape_javascript methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2...

CVSS 4.8 | AI score 6.7 | EPSS 0.01543
Exploits: 1 | References: 6

OSV
added 2020/03/19 5:30 p.m. | 37 views

GHSA-65CV-R6X7-79HV Cross site scripting vulnerability in ActionView

There is a possible cross site scripting (XSS) vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escape_javascript methods may be susceptible to XSS attacks. Impact: There is a possible XSS vulnerability in the j and escape_javascript methods in ActionView. These...

CVSS 4.8 | AI score 5.7 | EPSS 0.01543
Exploits: 1 | References: 9

Github Security Blog
added 2020/03/19 5:30 p.m. | 104 views

Cross site scripting vulnerability in ActionView

There is a possible cross site scripting (XSS) vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escape_javascript methods may be susceptible to XSS attacks. Impact: There is a possible XSS vulnerability in the j and escape_javascript methods in ActionView. These...

CVSS 4.8 | AI score 1 | EPSS 0.01543
Exploits: 1 | References: 10 | Affected Software: 1

Cvelist
added 2020/03/19 5:30 p.m. | 34 views

CVE-2020-5267 Possible XSS vulnerability in ActionView

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escape_javascript methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2...

CVSS 4 | AI score 5.4 | EPSS 0.01543
Exploits: 1 | References: 6

CVE
added 2020/03/19 5:30 p.m. | 247 views

CVE-2020-5267

CVE-2020-5267 is an XSS vulnerability in ActionView’s JavaScript literal escape helpers. It affects Rails ActionView before 6.0.2.2 and 5.2.4.2, where views using j or escape_javascript may be vulnerable. The issue is fixed in version 6.0.2.2 and 5.2.4.2. Public connected documents corroborate th...

CVSS 4.8 | AI score 5.1 | EPSS 0.01543
Exploits: 1 | References: 6 | Affected Software: 1

Debian CVE
added 2020/03/19 5:30 p.m. | 29 views

CVE-2020-5267

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escape_javascript methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2...

CVSS 4.8 | AI score 6 | EPSS 0.01543
Exploits: 1

GitLab Advisory Database
added 2020/03/19 12:0 a.m. | 21 views

Cross-site Scripting

In ActionView there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escape_javascript methods may be susceptible to XSS...

CVSS 4.8 | AI score 2 | EPSS 0.01543
Exploits: 1 | References: 1 | Affected Software: 1

RubySec
added 2020/03/19 12:0 a.m. | 30 views

Possible XSS vulnerability in ActionView

There is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escape_javascript methods may be susceptible to XSS attacks. Versions Affected: All. Not affected: None. Fixed Versions: 6.0.2.2, 5.2.4.2. Impact: There is a possible XSS...

CVSS 4.8 | AI score 6.3 | EPSS 0.01543
Exploits: 1 | References: 1 | Affected Software: 1

RedhatCVE
added 2019/11/06 10:28 a.m. | 36 views

CVE-2019-5418

A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...

CVSS 8.1 | AI score 3.7 | EPSS 0.98507
Exploits: 18 | References: 4

RedHat Linux
added 2019/05/29 12:41 p.m. | 5 views

rubygem-actionpack: render file directory traversal in Action View

A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...

CVSS 7.5 | AI score 7 | EPSS 0.98507
Exploits: 18 | References: 7

RedHat Linux
added 2019/05/13 9:12 a.m. | 5 views

rubygem-actionpack: render file directory traversal in Action View

A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...

CVSS 7.5 | AI score 7 | EPSS 0.98507
Exploits: 18 | References: 7

Fedora
added 2019/05/10 12:48 a.m. | 29 views

[SECURITY] Fedora 30 Update: rubygem-actionview-5.2.3-2.fc30

Simple, battle-tested conventions and helpers for building web pages...

CVSS 9.8 | AI score 2.1 | EPSS 0.98507
Exploits: 30

OpenVAS
added 2019/05/10 12:0 a.m. | 86 views

Fedora Update for rubygem-actionview FEDORA-2019-1cfe24db5c

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.3 | EPSS 0.98507
Exploits: 30 | References: 4