Lucene search
K

6 matches found

CNVD
CNVD
added 2018/07/09 12:0 a.m.3 views

ruby-grape ruby gem cross-site scripting vulnerability

ruby-grape ruby gem is a framework for creating class REST APIs in Ruby. A cross-site scripting vulnerability exists in the ruby-grape ruby gem. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of the 'format' parameter...

6.1CVSS5.7AI score0.01428EPSS
Exploits1References1
NVD
NVD
added 2018/07/05 4:29 p.m.22 views

CVE-2018-3769

ruby-grape ruby gem suffers from a cross-site scripting XSS vulnerability via "format" parameter...

6.1CVSS6AI score0.01428EPSS
Exploits1References3
OSV
OSV
added 2018/07/05 4:29 p.m.6 views

UBUNTU-CVE-2018-3769

ruby-grape ruby gem suffers from a cross-site scripting XSS vulnerability via "format" parameter...

6.1CVSS5.7AI score0.01428EPSS
Exploits1References5
OSV
OSV
added 2018/07/05 4:29 p.m.3 views

DEBIAN-CVE-2018-3769

ruby-grape ruby gem suffers from a cross-site scripting XSS vulnerability via "format" parameter...

6.1CVSS6AI score0.01428EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2018/07/05 12:0 a.m.7 views

PT-2018-16187 · Ruby · Ruby-Grape

Name of the Vulnerable Software and Affected Versions: ruby-grape affected versions not specified Description: The ruby-grape ruby gem suffers from a cross-site scripting XSS vulnerability via the format parameter. This issue allows for potential XSS attacks. Recommendations: At the moment, there...

6.1CVSS5.8AI score0.01428EPSS
Exploits1References11
RubySec
RubySec
added 2018/05/23 12:0 a.m.41 views

ruby-grape Gem has XSS via "format" parameter

When request on API contains the "format" parameter in GET, the input value of this parameter is rendered as the web-server responds with text/html header. Example: http://example.com/api/endpoint?format=%3Cscript%3Ealertdocument.cookie%3C/script%3E...

6.1CVSS1.5AI score0.01428EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder