Lucene search
K

29 matches found

OSV
OSV
added 2019/06/07 8:56 p.m.13 views

GHSA-G45G-G52H-39RG Cross-site Scripting in Chartkick

The Chartkick gem through 3.1.0 for Ruby allows XSS...

4.7CVSS5AI score0.00772EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2019/06/07 8:56 p.m.26 views

Cross-site Scripting in Chartkick

The Chartkick gem through 3.1.0 for Ruby allows XSS...

4.7CVSS2.1AI score0.00772EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2019/06/06 3:29 p.m.16 views

CVE-2019-12732

The Chartkick gem through 3.1.0 for Ruby allows XSS...

4.7CVSS4.8AI score0.00772EPSS
Exploits1References2
OSV
OSV
added 2019/06/06 3:29 p.m.8 views

CVE-2019-12732

The Chartkick gem through 3.1.0 for Ruby allows XSS...

4.7CVSS6.8AI score
Exploits0References2
Prion
Prion
added 2019/06/06 3:29 p.m.10 views

Cross site scripting

The Chartkick gem through 3.1.0 for Ruby allows XSS...

2.6CVSS5.2AI score0.00772EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2019/06/06 2:54 p.m.86 views

CVE-2019-12732

CVE-2019-12732 concerns the Chartkick gem for Ruby, up to version 3.1.0, which allows Cross‑Site Scripting (XSS). The vulnerability stems from how data is handled by the chart rendering path (e.g., json data passed to chartkick_chart), where insufficient sanitization/validation can lead to arbitr...

4.7CVSS4.7AI score0.00772EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/06/06 2:54 p.m.18 views

CVE-2019-12732

The Chartkick gem through 3.1.0 for Ruby allows XSS...

5.2AI score0.00772EPSS
Exploits1References2
Veracode
Veracode
added 2019/06/06 2:9 a.m.25 views

Cross-site Scripting (XSS)

Chartkick is vulnerable to Cross-Site Scripting. The JSON data passed to the chartkickchart function is not properly sanitised, thus allowing an attacker to input malicious data to execute arbitrary Javascript code on the victim's browser...

4.7CVSS5.9AI score0.00772EPSS
Exploits1References4Affected Software1
RubySec
RubySec
added 2019/06/04 12:0 a.m.22 views

XSS Vulnerability in Chartkick Ruby Gem

Chartkick is vulnerable to a cross-site scripting XSS attack if both the following conditions are met: Condition 1: It's used with ActiveSupport.escapehtmlentitiesinjson = false this is not the default for Rails OR used with a non-Rails framework like Sinatra. Condition 2: Untrusted data or optio...

4.7CVSS2AI score0.00772EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder