PT-2026-27254
Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...
CVE-2022-35956
This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records in a single database hit, using a CASE SQL statement for it. Before version 0.1.3 the update_by_case gem used custom SQL strings that were not sanitized, making it vulnerable to SQL injection. Upgrad...
EUVD-2022-6465
Malicious code in bioql PyPI...
Sql injection
This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records in a single database hit, using a CASE SQL statement for it. Before version 0.1.3 the update_by_case gem used custom SQL strings that were not sanitized, making it vulnerable to SQL injection. Upgrad...
CVE-2022-35956 update_by_case before 0.1.3 vulnerable to SQL injection
This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records in a single database hit, using a CASE SQL statement for it. Before version 0.1.3 the update_by_case gem used custom SQL strings that were not sanitized, making it vulnerable to SQL injection. Upgrad...
Open Redirect
Overview: clearance is an authentication gem for Rails. Affected versions of this package are vulnerable to Open Redirect. The vulnerability is possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) t...
delayed_job_web Cross-site Scripting vulnerability
An exploitable cross-site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web Rails gem, versions 1.2.9 before 1.4.2. A specially crafted URL can trigger the XSS flaw, allowing an attacker to execute arbitrary JavaScript in the victim's browser. An attack...
GHSA-W7Q9-XR2X-WH7X delayed_job_web Cross-site Scripting vulnerability
An exploitable cross-site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web Rails gem, versions 1.2.9 before 1.4.2. A specially crafted URL can trigger the XSS flaw, allowing an attacker to execute arbitrary JavaScript in the victim's browser. An attack...
CVE-2017-12097
An exploitable cross-site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web Rails gem, version 1.4. A specially crafted URL can trigger the XSS flaw, allowing an attacker to execute arbitrary JavaScript in the victim's browser. An attacker can phish an...
CVE-2017-12098
Removed by vendor...
PT-2018-5348 · Rails · Delayed Job Web
Name of the Vulnerable Software and Affected Versions: delayed_job_web Rails gem, versions 1.2.9 through 1.4. Description: An exploitable cross-site scripting (XSS) issue exists in the filter functionality. A specially crafted URL can trigger the XSS flaw, allowing an attacker to execute arbitrary...