Lucene search
K

35 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:34 a.m.6 views

CVE-2024-22411

Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A maliciou...

6.5CVSS6.1AI score0.0071EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:6 a.m.6 views

CVE-2023-34103

Avo is an open source ruby on rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site Scripting XSS when rendering html based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are...

7.3CVSS5.9AI score0.00563EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:55 a.m.10 views

CVE-2023-34102

Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes...

8.8CVSS7.3AI score0.0161EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:50 p.m.9 views

CVE-2024-22191

Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting XSS vulnerability was found in the keyvalue field of Avo v3.2.3 and v2.46.0. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. The value of the...

7.3CVSS5.4AI score0.00745EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2024/01/17 10:34 p.m.26 views

Cross-site scripting (XSS) in Action messages on Avo

Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A maliciou...

6.5CVSS6.2AI score0.0071EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2024/01/17 10:34 p.m.15 views

GHSA-G8VP-2V5P-9QFH Cross-site scripting (XSS) in Action messages on Avo

Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A maliciou...

6.5CVSS5.5AI score0.0071EPSS
Exploits1References8
RubySec
RubySec
added 2024/01/17 12:0 a.m.22 views

Cross-site scripting (XSS) in Action messages on Avo

Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12 any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A malicious...

6.5CVSS6.2AI score0.0071EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2024/01/16 10:15 p.m.18 views

Cross site scripting

Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A maliciou...

4.9CVSS6.1AI score0.0071EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/16 9:57 p.m.9 views

CVE-2024-22411 Cross site scripting in Action messages on Avo

Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A maliciou...

6.5CVSS6.2AI score0.0071EPSS
Exploits1References5
OSV
OSV
added 2024/01/16 9:57 p.m.25 views

CVE-2024-22411 Cross site scripting in Action messages on Avo

Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A maliciou...

6.5CVSS5.2AI score0.0071EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.4 views

Avo Cross-Site Scripting Vulnerability

Avo is Avo open source an open source ruby on rails admin panel creation framework. A cross-site scripting vulnerability exists in Avo version v3.2.3, which stems from a stored cross-site scripting XSS vulnerability in the keyvalue field...

7.3CVSS5.7AI score0.00745EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.5 views

Avo Cross-Site Scripting Vulnerability

Avo is an open source ruby on rails admin panel creation framework. A cross-site scripting vulnerability exists in Avo version 3 pre12, which stems from a cross-site scripting XSS vulnerability in the Avo::BaseAction subclass...

6.5CVSS5.8AI score0.0071EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2023/06/05 10:13 p.m.10 views

CVE-2023-34103 Stored XSS (Cross Site Scripting) in html content based fields of avo

Avo is an open source ruby on rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site Scripting XSS when rendering html based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are...

7.3CVSS5.8AI score0.00563EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/06/05 12:0 a.m.5 views

Avo 跨站脚本漏洞

Avo is an open source ruby on rails admin panel creation framework from Avo Open Source. A cross-site scripting vulnerability exists in Avo version 2.33.2, 3.0.0.pre12, which stems from the vulnerability of certain avo fields to XSS attacks when rendering html-based content...

7.3CVSS6AI score0.00563EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/06/05 12:0 a.m.7 views

Avo 输入验证错误漏洞

Avo is an open source ruby on rails admin panel creation framework from Avo Open Source. An input validation error vulnerability exists in Avo version 2.33.2, version 3.0.0.pre12. The vulnerability stems from a user storing input and updating a record class using a polymorphic field type that doe...

8.8CVSS8.2AI score0.0161EPSS
Exploits1References3
Rows per page
Query Builder