Lucene search
K

5 matches found

Snyk
Snyk
added 2026/03/24 12:32 a.m.4 views

Cross-site Scripting (XSS)

Overview actionview is a simple, battle-tested conventions and helpers for building web pages. Affected versions of this package are vulnerable to Cross-site Scripting XSS via custom HTML attributes passed in to tag helpers. An attacker can inject scripts that may be executed in the context of th...

4.7CVSS5.5AI score0.00516EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/23 11:1 p.m.2 views

CVE-2026-33168

Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefull...

2.3CVSS5.8AI score0.00516EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/23 11:1 p.m.3 views

CVE-2026-33168 Rails has a possible XSS vulnerability in its Action View tag helpers

Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefull...

2.3CVSS5.8AI score0.00516EPSS
Exploits0References7
OSV
OSV
added 2026/03/23 11:1 p.m.5 views

CVE-2026-33168 Rails has a possible XSS vulnerability in its Action View tag helpers

Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefull...

2.3CVSS5.8AI score0.00516EPSS
Exploits0References9
RubySec
RubySec
added 2026/03/23 12:0 a.m.10 views

Rails has a possible XSS vulnerability in its Action View tag helpers

Impact When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Application...

2.3CVSS5.8AI score0.00516EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder