5 matches found
CVE-2026-54498
CVE-2026-54498 affects ViewComponent (Ruby on Rails) where ViewComponent::Base#around_render can return HTML-unsafe strings, bypassing normal escaping and causing XSS. The issue is amplified when ViewComponent::Collection#render_in joins per-item results and marks the whole output html_safe, conv...
ViewComponent: around_render HTML-Safety Bypass
Summary ViewComponent::Basearoundrender can return HTML-unsafe strings that bypass the escaping behavior applied to normal call return values. This creates an XSS risk when downstream applications use aroundrender to wrap, replace, instrument, or conditionally return content that includes...
PT-2026-60389
Name of the Vulnerable Software and Affected Versions view component versions 4.0.0 through 4.11.0 Description An issue exists where ViewComponent::Basearound render can return HTML-unsafe strings that bypass the escaping behavior typically applied to call return values. This leads to a Cross-Sit...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the aroundrender. An attacker can execute arbitrary scripts in the context of the application by injecting malicious input that is not properly escaped. This can occur when user-controlled data is included i...
around_render HTML-Safety Bypass
Summary ViewComponent::Basearoundrender can return HTML-unsafe strings that bypass the escaping behavior applied to normal call return values. This creates an XSS risk when downstream applications use aroundrender to wrap, replace, instrument, or conditionally return content that includes...