EPSS: 0.001 (Low); Percentile: 21.8%
rails is vulnerable to cross-site scripting (XSS) attacks. The use of innerHTML in the checkNoMatch function allows a remote authenticated attacker to inject and execute malicious JavaScript in the victim's browser.
github.com/rails/rails/commit/be177e4566747b73ff63fd5f529fab564e475ed4
github.com/rails/rails/issues/46244
github.com/rails/rails/pull/46269
vuldb.com/?id.212319