SUSE CVE-2024-32464

Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2...

Cross-site Scripting (XSS)

Overview actiontext is a package to edit and display rich text in Rails applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS within the Trix editor via ActionText::Attachable::ContentAttachment in the richtextarea tag. An attacker can introduce malicious...

UBUNTU-CVE-2024-32464

Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2...

PT-2024-24592 · Unknown · Actiontext

Name of the Vulnerable Software and Affected Versions: ActionText versions 7.1.0 through 7.1.3.3 ActionText version 7.2.0.beta1 Description: The issue arises from instances of ActionText::Attachable::ContentAttachment included within a rich text area tag, which could potentially contain unsanitiz...