CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29 matches found

Tenable Nessus•added 2025/08/30 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2020-8167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A CSRF vulnerability exists in rails = 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. CVE-2020-8167 Note that Nessus...

6.5CVSS7AI score0.00427EPSS

Exploits1References2

Tenable Nessus•added 2025/08/27 12:0 a.m.•10 views

Linux Distros Unpatched Vulnerability : CVE-2023-23913

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the...

6.3CVSS6.3AI score0.00207EPSS

Exploits0References2

Redos•added 2025/06/25 12:0 a.m.•2 views

ROS-20250625-04

A vulnerability in the Ruby on Rails software platform is related to a CSRF vulnerability in the rails-ujs module. Exploitation of the vulnerability could allow an attacker acting remotely to send CSRF tokens to the wrong domains. invalid domains...

6.5CVSS8.8AI score0.00427EPSS

Exploits1

NVD•added 2025/01/09 1:15 a.m.•9 views

CVE-2023-23913

There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...

6.3CVSS0.00207EPSS

Exploits0References5

OSV•added 2025/01/09 1:15 a.m.•1 views

DEBIAN-CVE-2023-23913

6.3CVSS5.6AI score0.00207EPSS

Exploits0References1

OSV•added 2025/01/09 1:15 a.m.•16 views

CVE-2023-23913

6.3CVSS5.8AI score0.00207EPSS

Exploits0References5

OSV•added 2025/01/09 1:15 a.m.•0 views

UBUNTU-CVE-2023-23913

6.3CVSS6AI score0.00207EPSS

Exploits0References4

Vulnrichment•added 2025/01/09 12:33 a.m.•12 views

CVE-2023-23913

6AI score0.00207EPSS

Exploits0References5

OSV•added 2024/06/28 11:8 a.m.•1 views

OESA-2024-1775 rubygem-actionview security update

Simple, battle-tested conventions and helpers for building web pages. Security Fixes: A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting XSS, which could lead to stolen information, phishing attacks, and other types of attacks.CVE-2023-23913...

6.3CVSS6.2AI score0.00207EPSS

Exploits0References2

OSV•added 2024/06/28 11:8 a.m.•2 views

OESA-2024-1774 rubygem-actionview security update

6.3CVSS6.2AI score0.00207EPSS

Exploits0References2

Hacker One•added 2023/08/28 6:25 a.m.•80 views

Internet Bug Bounty: [CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements

A DOM-based cross-site scripting vulnerability was discovered in rails-ujs, affecting versions 5.1.0 and above. By pasting malicious HTML content with specific attributes into a contenteditable element, an attacker could execute arbitrary JavaScript on the affected origin. The vulnerability has...

6.3CVSS6.1AI score0.00207EPSS

Exploits0

Github Security Blog•added 2023/06/09 10:41 p.m.•41 views

rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements

NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...

6.3CVSS6.2AI score0.00207EPSS

Exploits0References9Affected Software1

GitLab Advisory Database•added 2023/06/09 12:0 a.m.•30 views

rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements

6.3CVSS5.9AI score0.00207EPSS

Exploits0References10Affected Software1

SUSE CVE•added 2023/03/29 1:53 a.m.•2 views

SUSE CVE-2023-23913

7.5CVSS6.2AI score0.00207EPSS

Exploits0References4

Snyk•added 2023/03/20 12:0 a.m.•1 views

Cross-site Scripting (XSS)

Overview rails is an opensource MVC web framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper user-input sanitization, by leveraging the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential ...

7.5CVSS5.2AI score0.00207EPSS

Exploits0References2

RubySec•added 2023/03/13 12:0 a.m.•32 views

DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements

6.3CVSS6.2AI score0.00207EPSS

Exploits0References1Affected Software1

SUSE CVE•added 2023/02/15 4:1 a.m.•1 views

SUSE CVE-2020-8167

A CSRF vulnerability exists in rails = 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains...

5.4CVSS6.9AI score0.00427EPSS

Exploits1References9

OSV•added 2020/07/07 4:34 p.m.•64 views

GHSA-XQ5J-GW7F-JGJ8 CSRF Vulnerability in rails-ujs

There is a vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ This is a regression of CVE-2015-1840. In the scenario where an attacker might be able to control the href attribute of an anchor tag...

6.5CVSS7.6AI score0.00427EPSS

Exploits1References6

Github Security Blog•added 2020/07/07 4:34 p.m.•87 views

CSRF Vulnerability in rails-ujs

6.5CVSS6.7AI score0.00427EPSS

Exploits1References7Affected Software1

OSV•added 2020/06/19 6:15 p.m.•27 views

CVE-2020-8167

A CSRF vulnerability exists in rails = 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains...

6.5CVSS7.1AI score

Exploits0References3

Rows per page