oxidized-web is vulnerable to cross-site scripting. The vulnerability exists in conf_search.haml
due to manipulation of the argument to_research
which allows an attacker to inject and execute arbitrary javascript.
CPE | Name | Operator | Version |
---|---|---|---|
oxidized-web | le | 0.13.1 | |
oxidized-web | le | 0.13.1 |