29 matches found
GHSA-G45G-G52H-39RG Cross-site Scripting in Chartkick
The Chartkick gem through 3.1.0 for Ruby allows XSS...
Cross-site Scripting in Chartkick
The Chartkick gem through 3.1.0 for Ruby allows XSS...
CVE-2019-12732
The Chartkick gem through 3.1.0 for Ruby allows XSS...
CVE-2019-12732
The Chartkick gem through 3.1.0 for Ruby allows XSS...
Cross site scripting
The Chartkick gem through 3.1.0 for Ruby allows XSS...
CVE-2019-12732
CVE-2019-12732 concerns the Chartkick gem for Ruby, up to version 3.1.0, which allows Cross‑Site Scripting (XSS). The vulnerability stems from how data is handled by the chart rendering path (e.g., json data passed to chartkick_chart), where insufficient sanitization/validation can lead to arbitr...
CVE-2019-12732
The Chartkick gem through 3.1.0 for Ruby allows XSS...
Cross-site Scripting (XSS)
Chartkick is vulnerable to Cross-Site Scripting. The JSON data passed to the chartkickchart function is not properly sanitised, thus allowing an attacker to input malicious data to execute arbitrary Javascript code on the victim's browser...
XSS Vulnerability in Chartkick Ruby Gem
Chartkick is vulnerable to a cross-site scripting XSS attack if both the following conditions are met: Condition 1: It's used with ActiveSupport.escapehtmlentitiesinjson = false this is not the default for Rails OR used with a non-Rails framework like Sinatra. Condition 2: Untrusted data or optio...