Cross-site Scripting (XSS)
actionview is vulnerable to cross-site scripting XSS. Inadequate sanitization and escaping of special characters such as dollar signs and backticks allows an attacker to inject and execute arbitrary Javascript in a user's browser via the j or javascriptescape helper...