2 matches found
rubygem-activeview: Cross-site scripting in translation helpers
A flaw was found in rubygem-actionview in versions prior to 5.2.4.4 and 6.0.3.3. When an HTML-unsafe string is passed as the default for a missing translation key, the default string is incorrectly marked as HTML-safe and not escaped. Thie highest threat from this vulnerability is to data...
Cross-site Scripting (XSS)
Overview actionview is a simple, battle-tested conventions and helpers for building web pages. Affected versions of this package are vulnerable to Cross-site Scripting XSS. Views that allow the user to control the default not found value of the t and translate helpers could be susceptible to XSS...