Lucene search
K

112 matches found

Tenable Nessus
Tenable Nessus
added 2023/09/28 12:0 a.m.28 views

SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionview-5_1 (SUSE-SU-2023:3813-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3813-1 advisory. - CVE-2023-23913: Fixed DOM Based Cross-site Scripting in rails-ujs bsc1209826. Tenable has extracted the preceding description block...

6.3CVSS6.5AI score0.00632EPSS
Exploits0References4
OSV
OSV
added 2023/09/27 3:36 p.m.3 views

SUSE-SU-2023:3813-1 Security update for rubygem-actionview-5_1

This update for rubygem-actionview-51 fixes the following issues: - CVE-2023-23913: Fixed DOM Based Cross-site Scripting in rails-ujs bsc1209826...

6.3CVSS6.1AI score0.00632EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/09/16 12:0 a.m.8 views

Fedora: Security Advisory for rubygem-actionview (FEDORA-2023-4f0bb4ff5e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2023/09/15 7:4 p.m.17 views

[SECURITY] Fedora 39 Update: rubygem-actionview-7.0.7.2-1.fc39

Simple, battle-tested conventions and helpers for building web pages...

7.1AI score
Exploits0
OSV
OSV
added 2023/06/09 10:41 p.m.27 views

GHSA-XP5H-F8JF-RC8Q rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements

NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...

6.3CVSS6.1AI score0.00632EPSS
Exploits0References9
OSV
OSV
added 2023/04/27 2:32 p.m.5 views

SUSE-SU-2023:2059-1 Security update for rubygem-actionview-5_1

This update for rubygem-actionview-51 fixes the following issues: - CVE-2022-27777: Fixed possible cross-site scripting vulnerability in Action View tag helpers bsc1199060. - CVE-2020-15169: Fixed cross-site scripting in translation helpers bsc1176421. - CVE-2020-8167: Fixed CSRF vulnerability in...

6.5CVSS7.4AI score0.02372EPSS
Exploits2References7
OpenVAS
OpenVAS
added 2023/04/06 12:0 a.m.13 views

Fedora: Security Advisory for rubygem-actionview (FEDORA-2023-7002afbbb8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS7.7AI score0.00907EPSS
Exploits0References2
Fedora
Fedora
added 2023/04/05 1:36 a.m.19 views

[SECURITY] Fedora 37 Update: rubygem-actionview-7.0.4.3-1.fc37

Simple, battle-tested conventions and helpers for building web pages...

5.3CVSS7.7AI score0.00907EPSS
Exploits0
OpenVAS
OpenVAS
added 2023/04/02 12:0 a.m.22 views

Fedora: Security Advisory for rubygem-actionview (FEDORA-2023-d6157bb1e2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS7.7AI score0.00907EPSS
Exploits0References2
Fedora
Fedora
added 2023/04/01 12:17 a.m.20 views

[SECURITY] Fedora 38 Update: rubygem-actionview-7.0.4.3-1.fc38

Simple, battle-tested conventions and helpers for building web pages...

5.3CVSS7.7AI score0.00907EPSS
Exploits0
Hacker One
Hacker One
added 2022/12/14 8:50 p.m.118 views

Internet Bug Bounty: Rails ActionView sanitize helper bypass leading to XSS using SVG tag.

Loofah versions between 2.1.0 and 2.19.1 were vulnerable to a cross-site scripting XSS attack via the image/svg+xml media type in data URIs. This allowed an attacker to bypass HTML sanitization and execute malicious code. The vulnerability was mitigated by upgrading to Loofah version 2.19.1 or...

6.1CVSS6.2AI score0.00792EPSS
Exploits0
OSV
OSV
added 2022/11/03 6:26 a.m.5 views

SUSE-SU-2022:3860-1 Security update for rubygem-actionview-4_2

This update for rubygem-actionview-42 fixes the following issues: - CVE-2022-27777: Fixed cross-site scripting vulnerability in Action View tag helpers bsc1199060...

6.1CVSS7.3AI score0.01485EPSS
Exploits1References3
Hacker One
Hacker One
added 2022/09/07 9:38 p.m.70 views

Ruby on Rails: ActionView sanitize helper bypass leading to XSS using SVG tag.

An HTML sanitization bypass vulnerability was discovered in the ActionView sanitize helper. This allowed an attacker to bypass sanitization and execute cross-site scripting XSS attacks by using the use tag of the SVG element. By embedding a base64 encoded SVG with malicious code, an attacker coul...

6.1CVSS6.3AI score0.00867EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2022/04/29 1:42 p.m.37 views

CVE-2022-27777

A flaw was found in rubygem-actionview when untrusted data such as the hash key for tag attributes are not properly escaped. This flaw allows an attacker to perform a Cross-site scripting attack...

7.5CVSS2.6AI score0.01485EPSS
Exploits1References4
Snyk
Snyk
added 2022/04/27 10:36 a.m.2 views

Cross-site Scripting (XSS)

Overview actionview is a simple, battle-tested conventions and helpers for building web pages. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ActionView::Helpers and ERB::Util methods, due to improper escape of dangerous characters in names of tags and names ...

7.5CVSS5.3AI score0.01485EPSS
Exploits1References2
Hacker One
Hacker One
added 2022/01/08 6:53 p.m.32 views

Ruby on Rails: XSS vulnerabilities due to missing checks in tag helpers

XSS vulnerabilities were discovered in certain tag helpers in Rails, specifically in the FormTagHelper and TagHelper modules. These vulnerabilities allowed attackers to execute arbitrary JavaScript code by manipulating user-controlled input in tag attributes and tag names. The impact of these...

6.1CVSS6.9AI score0.01485EPSS
Exploits1
OSV
OSV
added 2021/05/15 11:2 a.m.3 views

OESA-2021-1180 rubygem-actionview security update

Simple, battle-tested conventions and helpers for building web pages. Security Fixes: In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting XSS vulnerability in Action View s translation helpers. Views that allow the user to control the default not found val...

6.1CVSS5.3AI score0.02372EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/04/21 1:15 p.m.7 views

rubygem-actionview: CSRF vulnerability in rails-ujs

A flaw was found in rubygem-actionview. A regression of CVE-2015-1840 causes Rails-ujs to send CSRF tokens to wrong domains. The highest threat from this vulnerability is to data integrity...

6.5CVSS6.6AI score0.01485EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/10/27 12:58 p.m.5 views

rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks

A flaw was found in rubygem-actionview. Views that use the j or escapejavascript methods may be susceptible to XSS attacks with ActionView's JavaScript literal escape helpers. The highest threat from this vulnerability is to data confidentiality and integrity...

4.8CVSS7AI score0.01543EPSS
Exploits1References5
Fedora
Fedora
added 2020/10/05 12:17 a.m.43 views

[SECURITY] Fedora 33 Update: rubygem-actionview-6.0.3.3-1.fc33

Simple, battle-tested conventions and helpers for building web pages...

6.5CVSS2.1AI score0.02372EPSS
Exploits1
Rows per page
Query Builder