6 matches found
ruby-grape ruby gem cross-site scripting vulnerability
ruby-grape ruby gem is a framework for creating class REST APIs in Ruby. A cross-site scripting vulnerability exists in the ruby-grape ruby gem. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of the 'format' parameter...
CVE-2018-3769
ruby-grape ruby gem suffers from a cross-site scripting XSS vulnerability via "format" parameter...
UBUNTU-CVE-2018-3769
ruby-grape ruby gem suffers from a cross-site scripting XSS vulnerability via "format" parameter...
DEBIAN-CVE-2018-3769
ruby-grape ruby gem suffers from a cross-site scripting XSS vulnerability via "format" parameter...
PT-2018-16187 · Ruby · Ruby-Grape
Name of the Vulnerable Software and Affected Versions: ruby-grape affected versions not specified Description: The ruby-grape ruby gem suffers from a cross-site scripting XSS vulnerability via the format parameter. This issue allows for potential XSS attacks. Recommendations: At the moment, there...
ruby-grape Gem has XSS via "format" parameter
When request on API contains the "format" parameter in GET, the input value of this parameter is rendered as the web-server responds with text/html header. Example: http://example.com/api/endpoint?format=%3Cscript%3Ealertdocument.cookie%3C/script%3E...