35 matches found
CVE-2024-22411
Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A maliciou...
CVE-2023-34103
Avo is an open source ruby on rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site Scripting XSS when rendering html based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are...
CVE-2023-34102
Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes...
CVE-2024-22191
Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting XSS vulnerability was found in the keyvalue field of Avo v3.2.3 and v2.46.0. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. The value of the...
Cross-site scripting (XSS) in Action messages on Avo
Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A maliciou...
GHSA-G8VP-2V5P-9QFH Cross-site scripting (XSS) in Action messages on Avo
Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A maliciou...
Cross-site scripting (XSS) in Action messages on Avo
Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12 any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A malicious...
Cross site scripting
Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A maliciou...
CVE-2024-22411 Cross site scripting in Action messages on Avo
Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A maliciou...
CVE-2024-22411 Cross site scripting in Action messages on Avo
Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A maliciou...
Avo Cross-Site Scripting Vulnerability
Avo is Avo open source an open source ruby on rails admin panel creation framework. A cross-site scripting vulnerability exists in Avo version v3.2.3, which stems from a stored cross-site scripting XSS vulnerability in the keyvalue field...
Avo Cross-Site Scripting Vulnerability
Avo is an open source ruby on rails admin panel creation framework. A cross-site scripting vulnerability exists in Avo version 3 pre12, which stems from a cross-site scripting XSS vulnerability in the Avo::BaseAction subclass...
CVE-2023-34103 Stored XSS (Cross Site Scripting) in html content based fields of avo
Avo is an open source ruby on rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site Scripting XSS when rendering html based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are...
Avo 跨站脚本漏洞
Avo is an open source ruby on rails admin panel creation framework from Avo Open Source. A cross-site scripting vulnerability exists in Avo version 2.33.2, 3.0.0.pre12, which stems from the vulnerability of certain avo fields to XSS attacks when rendering html-based content...
Avo 输入验证错误漏洞
Avo is an open source ruby on rails admin panel creation framework from Avo Open Source. An input validation error vulnerability exists in Avo version 2.33.2, version 3.0.0.pre12. The vulnerability stems from a user storing input and updating a record class using a polymorphic field type that doe...