Cross-Site Scripting (XSS)

2023-01-0215:00:14

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

oxidized-web

conf_search.haml

manipulation

to_research

arbitrary javascript

vulnerability

software

0.001 Low

EPSS

Percentile

41.2%

JSON

oxidized-web is vulnerable to cross-site scripting. The vulnerability exists in conf_search.haml due to manipulation of the argument to_research which allows an attacker to inject and execute arbitrary javascript.

CPENameOperatorVersion
oxidized-weble0.13.1
oxidized-weble0.13.1

CPE	Name	Operator	Version
	oxidized-web	le	0.13.1
	oxidized-web	le	0.13.1

References

github.com/advisories/GHSA-8qwh-rm6c-jv96

github.com/ytti/oxidized-web/commit/55ab9bdc68b03ebce9280b8746ef31d7fdedcc45

github.com/ytti/oxidized-web/pull/195

vuldb.com/?ctiid.216870

vuldb.com/?id.216870

0.001 Low

EPSS

Percentile

41.2%

JSON

Related for VERACODE:38722