2 matches found
CVE-2019-12732
The Chartkick gem through 3.1.0 for Ruby allows XSS...
CVE-2019-12732
CVE-2019-12732 concerns the Chartkick gem for Ruby, up to version 3.1.0, which allows Cross‑Site Scripting (XSS). The vulnerability stems from how data is handled by the chart rendering path (e.g., json data passed to chartkick_chart), where insufficient sanitization/validation can lead to arbitr...