6 matches found
CVE-2026-8197
Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name. The OAuth authorize template renders the integration name admin-controlled through Concrete's t translation helper as a sprintf-style format. The ... wrap is built by PHP string interpolation before t runs, so th...
EUVD-2026-31342
Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name. The OAuth authorize template renders the integration name admin-controlled through Concrete's t translation helper as a sprintf-style format. The ... wrap is built by PHP string interpolation before t runs, so th...
CVE-2026-8197 Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name
Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name. The OAuth authorize template renders the integration name admin-controlled through Concrete's t translation helper as a sprintf-style format. The ... wrap is built by PHP string interpolation before t runs, so th...
Rails Security Vulnerabilities
Rails is a set of open source web application frameworks based on the Ruby language by the American Rails team. A security vulnerability exists in Rails 7.0.0 and earlier versions, which stems from a cross-site scripting XSS vulnerability when using the Translation Helper in Action Controller...
SUSE CVE-2013-4491
Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/translationhelper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generati...
UBUNTU-CVE-2013-4491
Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/translationhelper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generati...