36 matches found
EUVD-2020-0979
Malware in sbrugna...
EUVD-2024-0589
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-26143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using...
BIT-RAILS-2024-26143 Rails Possible XSS Vulnerability in Action Controller
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...
SUSE CVE-2024-26143
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...
Cross-Site Scripting (XSS)
Rails is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization of user input in the translation helpers, specifically in the handling of the default option. This flaw allows an attacker to inject malicious JavaScript code into the browser, resulting in Cross-Si...
Rails has possible XSS Vulnerability in Action Controller
Possible XSS Vulnerability in Action Controller There is a possible XSS vulnerability when using the translation helpers translate, t, etc in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: = 7.0.0. Not affected: 7.0.0 Fixed Versions:...
GHSA-9822-6M93-XQF4 Rails has possible XSS Vulnerability in Action Controller
Possible XSS Vulnerability in Action Controller There is a possible XSS vulnerability when using the translation helpers translate, t, etc in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: = 7.0.0. Not affected: 7.0.0 Fixed Versions:...
CVE-2024-26143
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...
Design/Logic Flaw
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...
UBUNTU-CVE-2024-26143
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...
CVE-2024-26143
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...
CVE-2024-26143 Rails Possible XSS Vulnerability in Action Controller
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...
CVE-2024-26143
CVE-2024-26143 concerns Rails’ Action Controller translation helpers. Affected code paths involve using translate/t with a key ending in “_html” and a :default value containing untrusted input, where the resulting string is rendered in a view, creating an XSS risk. The issue is fixed in Rails ver...
CVE-2024-26143
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...
CVE-2024-26143 Rails Possible XSS Vulnerability in Action Controller
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the translation helpers translate, t, etc in Action Controller. An attacker can inject malicious scripts by using a key ending in html with a :default key that contains untrusted user input, if the resulting...
PT-2024-5871 · Unknown +1 · Ruby On Rails +1
Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions prior to 7.1.3.1 Ruby on Rails versions prior to 7.0.8.1 Description: There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate,...
Possible XSS Vulnerability in Action Controller
There is a possible XSS vulnerability when using the translation helpers translate, t, etc in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: = 7.0.0 Not affected: 7.0.0 Fixed Versions: 7.1.3.1, 7.0.8.1 Impact Applications using...
SUSE-SU-2023:2059-1 Security update for rubygem-actionview-5_1
This update for rubygem-actionview-51 fixes the following issues: - CVE-2022-27777: Fixed possible cross-site scripting vulnerability in Action View tag helpers bsc1199060. - CVE-2020-15169: Fixed cross-site scripting in translation helpers bsc1176421. - CVE-2020-8167: Fixed CSRF vulnerability in...