CVE-2026-44836
The vulnerability affects the Ruby on Rails component framework view_component (versions 3.0.0 through 4.8.x; fixed in 4.9.0). The preview route derives an example name from the URL and uses public_send to dispatch to that preview without verifying it is an ex...
CVE-2024-21636
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the...
Cross Site Scripting (XSS)
viewcomponent is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper rendering of a component directly from the controller with the viewcomponent gem. This issue can be exploited by an attacker to inject malicious JavaScript into the webpage...
GHSA-WF2X-8W6J-QW37 view_component Cross-site Scripting vulnerability
Impact What kind of vulnerability is it? Who is impacted? This is an XSS vulnerability that has the potential to impact anyone rendering a component directly from a controller with the viewcomponent gem. Note that only components that define a call method, i.e. instead of using a sidecar template...
CVE-2024-21636 view_component Cross-site Scripting vulnerability
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the...
CVE-2024-21636
CVE-2024-21636 affects the ViewComponent framework for Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 allow cross-site scripting when a component defines a #call method and returns unescaped content, and when #output_postamble also returns unescaped content. The vulnerability applies to render...
CVE-2022-24722 Cross-site Scripting in view_component
ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the viewcomponent gem. Data received via user input and passed as an...
GHSA-CM9W-C4RJ-R2CF Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in view_component
This is an XSS vulnerability that has the potential to impact anyone using translations with the viewcomponent gem. Data received via user input and passed as an interpolation argument to the translate method is not properly sanitized before display. Versions 2.29.1 and 2.49.1 have been released...