Lucene search
+L

5 matches found

CVE
CVE
added yesterday12 views

CVE-2026-54498

CVE-2026-54498 affects ViewComponent (Ruby on Rails) where ViewComponent::Base#around_render can return HTML-unsafe strings, bypassing normal escaping and causing XSS. The issue is amplified when ViewComponent::Collection#render_in joins per-item results and marks the whole output html_safe, conv...

8.7CVSS5.2AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 3 days ago9 views

ViewComponent: around_render HTML-Safety Bypass

Summary ViewComponent::Basearoundrender can return HTML-unsafe strings that bypass the escaping behavior applied to normal call return values. This creates an XSS risk when downstream applications use aroundrender to wrap, replace, instrument, or conditionally return content that includes...

8.7CVSS6AI score
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-60389

Name of the Vulnerable Software and Affected Versions view component versions 4.0.0 through 4.11.0 Description An issue exists where ViewComponent::Basearound render can return HTML-unsafe strings that bypass the escaping behavior typically applied to call return values. This leads to a Cross-Sit...

8.7CVSS5.2AI score
Exploits0References9
Snyk
Snyk
added 2026/07/08 9:21 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the aroundrender. An attacker can execute arbitrary scripts in the context of the application by injecting malicious input that is not properly escaped. This can occur when user-controlled data is included i...

9.3CVSS6.2AI score
Exploits0References2
RubySec
RubySec
added 2026/06/04 12:0 a.m.4 views

around_render HTML-Safety Bypass

Summary ViewComponent::Basearoundrender can return HTML-unsafe strings that bypass the escaping behavior applied to normal call return values. This creates an XSS risk when downstream applications use aroundrender to wrap, replace, instrument, or conditionally return content that includes...

8.7CVSS6AI score
Exploits0References1Affected Software1
Rows per page
Query Builder