14 matches found
SUSE CVE-2026-33168
Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefull...
CVE-2026-33168
A flaw was found in Action View, a component of the Rails framework. When a blank string is used as an HTML attribute name in Action View tag helpers, it bypasses attribute escaping, producing malformed HTML. A remote attacker could exploit this by crafting a malicious attribute value, which a we...
Cross-site Scripting (XSS)
Overview actionview is a simple, battle-tested conventions and helpers for building web pages. Affected versions of this package are vulnerable to Cross-site Scripting XSS via custom HTML attributes passed in to tag helpers. An attacker can inject scripts that may be executed in the context of th...
CVE-2026-33168
Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefull...
CVE-2026-33168
Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefull...
UBUNTU-CVE-2026-33168
Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefull...
CVE-2026-33168 Rails has a possible XSS vulnerability in its Action View tag helpers
Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefull...
CVE-2026-33168
The connected advisory clarifies a concrete issue: Rails has a possible XSS vulnerability in Action View tag helpers when a blank string is used as an HTML attribute name, causing the attribute escaping to be bypassed and potentially letting a crafted value be interpreted as a new attribute name ...
CVE-2026-33168 Rails has a possible XSS vulnerability in its Action View tag helpers
Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefull...
CVE-2026-33168 Rails has a possible XSS vulnerability in its Action View tag helpers
Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefull...
CVE-2026-33168
Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefull...
Rails has a possible XSS vulnerability in its Action View tag helpers
Impact When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Application...
Rails has a possible XSS vulnerability in its Action View tag helpers
Impact When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Application...
Rails has a possible XSS vulnerability in its Action View tag helpers
When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Applications that...