CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

SUSE CVE•added 2026/03/25 12:24 a.m.•6 views

SUSE CVE-2026-33168

Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefull...

2.3CVSS5.8AI score0.00516EPSS

Exploits0References3

RedhatCVE•added 2026/03/24 11:7 a.m.•9 views

CVE-2026-33168

A flaw was found in Action View, a component of the Rails framework. When a blank string is used as an HTML attribute name in Action View tag helpers, it bypasses attribute escaping, producing malformed HTML. A remote attacker could exploit this by crafting a malicious attribute value, which a we...

5.4CVSS5.8AI score0.00516EPSS

Exploits0References10

Snyk•added 2026/03/24 12:32 a.m.•4 views

Cross-site Scripting (XSS)

Overview actionview is a simple, battle-tested conventions and helpers for building web pages. Affected versions of this package are vulnerable to Cross-site Scripting XSS via custom HTML attributes passed in to tag helpers. An attacker can inject scripts that may be executed in the context of th...

4.7CVSS5.5AI score0.00516EPSS

Exploits0References2

NVD•added 2026/03/23 11:17 p.m.•6 views

CVE-2026-33168

2.3CVSS0.00516EPSS

Exploits0References7

UbuntuCve•added 2026/03/23 11:17 p.m.•3 views

CVE-2026-33168

2.3CVSS5.8AI score0.00516EPSS

Exploits0References8

OSV•added 2026/03/23 11:17 p.m.•8 views

UBUNTU-CVE-2026-33168

2.3CVSS5.8AI score0.00516EPSS

Exploits0References9

Cvelist•added 2026/03/23 11:1 p.m.•22 views

CVE-2026-33168 Rails has a possible XSS vulnerability in its Action View tag helpers

2.3CVSS0.00516EPSS

Exploits0References7

CVE•added 2026/03/23 11:1 p.m.•13 views

CVE-2026-33168

CVE-2026-33168 (Rails / Action View) affects Rails’ Action View tag helpers. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, using a blank string as an HTML attribute name bypasses attribute escaping, producing malformed HTML. A crafted attribute could be misinterpreted by the browser as a new a...

2.3CVSS5.8AI score0.00516EPSS

Exploits0References7

Vulnrichment•added 2026/03/23 11:1 p.m.•3 views

CVE-2026-33168 Rails has a possible XSS vulnerability in its Action View tag helpers

2.3CVSS5.8AI score0.00516EPSS

Exploits0References7

ATTACKERKB•added 2026/03/23 11:1 p.m.•2 views

CVE-2026-33168

2.3CVSS5.8AI score0.00516EPSS

Exploits0References8Affected Software1

OSV•added 2026/03/23 11:1 p.m.•4 views

CVE-2026-33168 Rails has a possible XSS vulnerability in its Action View tag helpers

2.3CVSS5.8AI score0.00516EPSS

Exploits0References9

Github Security Blog•added 2026/03/23 8:51 p.m.•11 views

Rails has a possible XSS vulnerability in its Action View tag helpers

Impact When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Application...

2.3CVSS5.3AI score0.00516EPSS

Exploits0References10Affected Software1

RubySec•added 2026/03/23 12:0 a.m.•9 views

Rails has a possible XSS vulnerability in its Action View tag helpers

2.3CVSS5.8AI score0.00516EPSS

Exploits0References1Affected Software1

GitLab Advisory Database•added 2026/03/23 12:0 a.m.•8 views

Rails has a possible XSS vulnerability in its Action View tag helpers

When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Applications that...

2.3CVSS5.8AI score0.00516EPSS

Exploits0References10Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by