Lucene search
+L

13 matches found

redhatcve
redhatcve
added 2026/01/09 12:41 p.m.10 views

CVE-2023-25309

Cross Site Scripting XSS Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...

6.1CVSS6.6AI score0.00517EPSS
Exploits2References1
rubygems
rubygems
added 2023/05/23 12:0 a.m.8 views

Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui gem v0.5

Cross Site Scripting XSS Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...

6.1CVSS6.8AI score0.00517EPSS
Exploits2References1Affected Software1
snyk
snyk
added 2023/05/12 8:55 a.m.5 views

Cross-site Scripting (XSS)

Overview rollout-ui is a minimalist UI for the rollout gem Affected versions of this package are vulnerable to Cross-site Scripting XSS that allows authenticated users to execute scripts via the "Do you really want to delete" confirmation dialog. PoC http:///features/'+alertdocument.cookie+'...

6.1CVSS5.3AI score0.00517EPSS
Exploits2References2
github
github
added 2023/05/11 6:30 p.m.7 views

Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui gem

Cross Site Scripting XSS Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...

6.1CVSS5.9AI score0.00517EPSS
Exploits2References8Affected Software1
osv
osv
added 2023/05/11 6:30 p.m.4 views

GHSA-5XQ9-H3J2-JXVC Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui gem

Cross Site Scripting XSS Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...

6.1CVSS5.9AI score0.00517EPSS
Exploits2References8
osv
osv
added 2023/05/11 6:15 p.m.7 views

CVE-2023-25309

Cross Site Scripting XSS Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...

6.1CVSS6.2AI score0.00517EPSS
Exploits2References4
nvd
nvd
added 2023/05/11 6:15 p.m.27 views

CVE-2023-25309

Cross Site Scripting XSS Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...

6.1CVSS6.2AI score0.00517EPSS
Exploits2References2
prion
prion
added 2023/05/11 6:15 p.m.17 views

Cross site scripting

Cross Site Scripting XSS Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...

5.8CVSS6.1AI score0.00517EPSS
Exploits2References4Affected Software1
cve
cve
added 2023/05/11 12:0 a.m.62 views

CVE-2023-25309

CVE-2023-25309 describes a cross-site scripting vulnerability in Fetlife rollout-ui

6.1CVSS6.1AI score0.00517EPSS
Exploits2References2Affected Software1
cvelist
cvelist
added 2023/05/11 12:0 a.m.37 views

CVE-2023-25309

Cross Site Scripting XSS Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality...

6.3AI score0.00517EPSS
Exploits2References2
ptsecurity
ptsecurity
added 2023/05/11 12:0 a.m.6 views

PT-2023-20022 · Fetlife · Fetlife Rollout-Ui

Name of the Vulnerable Software and Affected Versions: Fetlife rollout-ui version 0.5 Description: The issue allows attackers to execute arbitrary code via a crafted URL to the delete a feature functionality. This is a Cross Site Scripting XSS vulnerability. Recommendations: For Fetlife rollout-u...

6.1CVSS6AI score0.00517EPSS
Exploits2References10
packetstorm
packetstorm
added 2023/05/08 12:0 a.m.393 views

Rollout::UI 0.5 Cross Site Scripting

ADVISORY INFORMATION ======================= Exploit Title: Rollout::UI v0.5 Cross-site scripting Date: 2023-05-05 Exploit Author: Eduardo José de Borba Vendor Homepage: https://github.com/fetlife Software Link: https://github.com/fetlife/rollout-ui Type: Cross-Site Scripting CWE-79 Tested on:...

7.1AI score0.00517EPSS
Exploits2
cnnvd
cnnvd
added 2023/05/07 12:0 a.m.5 views

Rollout::UI 跨站脚本漏洞

Rollout::UI is a minimalist UI software from the fetlife community. A security vulnerability exists in Rollout::UI, which stems from the function name in the confirmation dialog not being properly escaped. An attacker could exploit this vulnerability to perform a cross-site scripting attack...

6.1CVSS5.9AI score0.00517EPSS
Exploits2References5
Rows per page
Query Builder