17 matches found
CVE-2023-23913
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...
CVE-2023-23913
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...
CVE-2023-23913
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...
OESA-2024-1775 rubygem-actionview security update
Simple, battle-tested conventions and helpers for building web pages. Security Fixes: A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting XSS, which could lead to stolen information, phishing attacks, and other types of attacks.CVE-2023-23913...
OESA-2024-1774 rubygem-actionview security update
Simple, battle-tested conventions and helpers for building web pages. Security Fixes: A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting XSS, which could lead to stolen information, phishing attacks, and other types of attacks.CVE-2023-23913...
openSUSE: Security Advisory for rubygem (SUSE-SU-2023:3813-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionview-5_1 (SUSE-SU-2023:3813-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3813-1 advisory. - CVE-2023-23913: Fixed DOM Based Cross-site Scripting in rails-ujs bsc1209826. Tenable has extracted the preceding description block...
SUSE-SU-2023:3813-1 Security update for rubygem-actionview-5_1
This update for rubygem-actionview-51 fixes the following issues: - CVE-2023-23913: Fixed DOM Based Cross-site Scripting in rails-ujs bsc1209826...
CVE-2023-23913
creationtimestamp| type| source ---|---|--- 2023-09-08 01:57:51+00:00| seen| https://t.me/ctinow/135573 2025-01-09 00:56:47+00:00| seen| https://infosec.exchange/users/cve/statuses/113795675409849063 2025-01-09 01:13:47+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/864...
Internet Bug Bounty: [CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements
A DOM-based cross-site scripting vulnerability was discovered in rails-ujs, affecting versions 5.1.0 and above. By pasting malicious HTML content with specific attributes into a contenteditable element, an attacker could execute arbitrary JavaScript on the affected origin. The vulnerability has...
GHSA-XP5H-F8JF-RC8Q rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...
[SECURITY] [DSA 5389-1] rails security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5389-1 [email protected] https://www.debian.org/security/ Aron Xu April 14, 2023 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
SUSE CVE-2023-23913
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...
CVE-2023-23913
A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting XSS, which could lead to stolen information, phishing attacks, and other types of attacks...
DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements
NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...