Lucene search
K

17 matches found

UbuntuCve
UbuntuCve
added 2025/01/09 1:15 a.m.33 views

CVE-2023-23913

There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...

6.3CVSS6.5AI score0.00632EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/09 12:33 a.m.44 views

CVE-2023-23913

There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...

0.00632EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2025/01/09 12:33 a.m.39 views

CVE-2023-23913

There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...

6.3CVSS5.6AI score0.00632EPSS
Exploits0
OSV
OSV
added 2024/06/28 11:8 a.m.6 views

OESA-2024-1775 rubygem-actionview security update

Simple, battle-tested conventions and helpers for building web pages. Security Fixes: A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting XSS, which could lead to stolen information, phishing attacks, and other types of attacks.CVE-2023-23913...

6.3CVSS6.2AI score0.00632EPSS
Exploits0References2
OSV
OSV
added 2024/06/28 11:8 a.m.6 views

OESA-2024-1774 rubygem-actionview security update

Simple, battle-tested conventions and helpers for building web pages. Security Fixes: A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting XSS, which could lead to stolen information, phishing attacks, and other types of attacks.CVE-2023-23913...

6.3CVSS6.2AI score0.00632EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.27 views

openSUSE: Security Advisory for rubygem (SUSE-SU-2023:3813-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.3CVSS6.5AI score0.00632EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/09/28 12:0 a.m.28 views

SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionview-5_1 (SUSE-SU-2023:3813-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3813-1 advisory. - CVE-2023-23913: Fixed DOM Based Cross-site Scripting in rails-ujs bsc1209826. Tenable has extracted the preceding description block...

6.3CVSS6.5AI score0.00632EPSS
Exploits0References4
OSV
OSV
added 2023/09/27 3:36 p.m.3 views

SUSE-SU-2023:3813-1 Security update for rubygem-actionview-5_1

This update for rubygem-actionview-51 fixes the following issues: - CVE-2023-23913: Fixed DOM Based Cross-site Scripting in rails-ujs bsc1209826...

6.3CVSS6.1AI score0.00632EPSS
Exploits0References3
Circl
Circl
added 2023/09/08 1:57 a.m.21 views

CVE-2023-23913

creationtimestamp| type| source ---|---|--- 2023-09-08 01:57:51+00:00| seen| https://t.me/ctinow/135573 2025-01-09 00:56:47+00:00| seen| https://infosec.exchange/users/cve/statuses/113795675409849063 2025-01-09 01:13:47+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/864...

6.3CVSS5.8AI score0.00632EPSS
Exploits0References6
Hacker One
Hacker One
added 2023/08/28 6:25 a.m.85 views

Internet Bug Bounty: [CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements

A DOM-based cross-site scripting vulnerability was discovered in rails-ujs, affecting versions 5.1.0 and above. By pasting malicious HTML content with specific attributes into a contenteditable element, an attacker could execute arbitrary JavaScript on the affected origin. The vulnerability has...

6.3CVSS6.1AI score0.00632EPSS
Exploits0
OSV
OSV
added 2023/06/09 10:41 p.m.27 views

GHSA-XP5H-F8JF-RC8Q rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements

NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...

6.3CVSS6.1AI score0.00632EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2023/06/09 10:41 p.m.46 views

rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements

NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...

6.3CVSS6.2AI score0.00632EPSS
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/06/09 12:0 a.m.88 views

rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements

NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...

6.3CVSS5.9AI score0.00632EPSS
Exploits0References10Affected Software1
Debian
Debian
added 2023/04/14 4:39 p.m.35 views

[SECURITY] [DSA 5389-1] rails security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5389-1 [email protected] https://www.debian.org/security/ Aron Xu April 14, 2023 https://www.debian.org/security/faq - -------------------------------------------------------------------------...

6.3CVSS8.4AI score0.00907EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/03/29 1:53 a.m.5 views

SUSE CVE-2023-23913

There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...

7.5CVSS6.2AI score0.00632EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/03/27 6:13 p.m.55 views

CVE-2023-23913

A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting XSS, which could lead to stolen information, phishing attacks, and other types of attacks...

7.5CVSS5.5AI score0.00632EPSS
Exploits0References3
RubySec
RubySec
added 2023/03/13 12:0 a.m.34 views

DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements

NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...

6.3CVSS6.2AI score0.00632EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder