Lucene search
K

14 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:19 a.m.5 views

SUSE CVE-2015-3226

Cross-site scripting XSS vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

4.3CVSS5.9AI score0.0278EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/19 9:4 p.m.26 views

Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis (CVE-2015-3226)

Summary A vulnerability in ActiveSupport component of Ruby on Rails framework used by IBM License Metric Tool and IBM Endpoint Manager for Software Use Analysis allows for stealing authentication cookies with cross-site scripting attack . Vulnerability Details CVEID: CVE-2015-3226 DESCRIPTION:...

4.3CVSS7.5AI score0.0278EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2016/10/13 12:0 a.m.23 views

Ruby on Rails Active Support XSS Vulnerability (Jun 2015) - Windows

Ruby on Rails is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS7AI score0.0278EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2016/10/13 12:0 a.m.27 views

Ruby on Rails Active Support XSS Vulnerability (Jun 2015) - Linux

Ruby on Rails is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS7AI score0.0278EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/02/01 12:0 a.m.48 views

Debian DSA-3464-1 : rails - security update

Multiple security issues have been discovered in the Ruby on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text an...

7.5CVSS6.2AI score0.95537EPSS
Exploits11References10
OSV
OSV
added 2015/07/26 10:59 p.m.12 views

CVE-2015-3226

Cross-site scripting XSS vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

6.6AI score
Exploits0References5
NVD
NVD
added 2015/07/26 10:59 p.m.16 views

CVE-2015-3226

Cross-site scripting XSS vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

4.3CVSS5.1AI score0.0278EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2015/07/26 10:59 p.m.26 views

CVE-2015-3226

Cross-site scripting XSS vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

4.3CVSS7.2AI score0.0278EPSS
Exploits0References2
Cvelist
Cvelist
added 2015/07/26 10:0 p.m.30 views

CVE-2015-3226

Cross-site scripting XSS vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

5.2AI score0.0278EPSS
Exploits0References5
CVE
CVE
added 2015/07/26 10:0 p.m.103 views

CVE-2015-3226

CVE-2015-3226 is an XSS vulnerability in Active Support's JSON encoding (ActiveSupport::JSON.encode) where a Hash with user-controlled data is mishandled during JSON encoding, potentially injecting script/HTML when inserted into HTML. Affected are Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2...

4.3CVSS4.9AI score0.0278EPSS
Exploits0References5Affected Software2
Debian CVE
Debian CVE
added 2015/07/26 10:0 p.m.45 views

CVE-2015-3226

Cross-site scripting XSS vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...

4.3CVSS6.5AI score0.0278EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/07/01 12:0 a.m.27 views

Fedora 21 : rubygem-activesupport-4.1.5-2.fc21 (2015-10545)

Fixes for : CVE-2015-3226 Escape HTML entities in JSON keys CVE-2015-3227 XML documents that are too deep can cause an stack overflow, which in turn will cause a potential DoS attack. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora securit...

5CVSS6.3AI score0.04261EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2015/07/01 12:0 a.m.24 views

Fedora Update for rubygem-activesupport FEDORA-2015-10545

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS5.2AI score0.04261EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/06/18 12:0 a.m.72 views

FreeBSD : rubygem-rails -- multiple vulnerabilities (eb8a8978-8dd5-49ce-87f4-49667b2166dd)

Ruby on Rails blog : Rails 3.2.22, 4.1.11 and 4.2.2 have been released, along with web console and jquery-rails plugins and Rack 1.5.4 and 1.6.2. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...

5CVSS6.1AI score0.44984EPSS
Exploits7References7
Rows per page
Query Builder