13 matches found
CVE-2023-25309
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui gem v0.5
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...
Cross-site Scripting (XSS)
Overview: rollout-ui is a minimalist UI for the rollout gem. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) that allows authenticated users to execute scripts via the "Do you really want to delete" confirmation dialog. PoC: http:///features/'+alertdocument.cookie+'...
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui gem
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...
GHSA-5XQ9-H3J2-JXVC Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui gem
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...
CVE-2023-25309
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...
CVE-2023-25309
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...
Cross site scripting
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...
CVE-2023-25309
CVE-2023-25309 describes a cross-site scripting vulnerability in Fetlife rollout-ui
PT-2023-20022 · Fetlife · Fetlife Rollout-Ui
Name of the Vulnerable Software and Affected Versions: Fetlife rollout-ui version 0.5. Description: The issue allows attackers to execute arbitrary code via a crafted URL to the delete a feature functionality. This is a Cross Site Scripting (XSS) vulnerability. Recommendations: For Fetlife rollout-u...
CVE-2023-25309
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...
Rollout::UI 0.5 Cross Site Scripting
ADVISORY INFORMATION
=======================
Exploit Title: Rollout::UI v0.5 Cross-site scripting
Date: 2023-05-05
Exploit Author: Eduardo José de Borba
Vendor Homepage: https://github.com/fetlife
Software Link: https://github.com/fetlife/rollout-ui
Type: Cross-Site Scripting CWE-79
Tested on:...
Rollout::UI Cross-Site Scripting Vulnerability
Rollout::UI is a minimalist UI software from the fetlife community. A security vulnerability exists in Rollout::UI, which stems from the function name in the confirmation dialog not being properly escaped. An attacker could exploit this vulnerability to perform a cross-site scripting attack...