Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:41112
HistoryJul 03, 2023 - 9:16 a.m.

Cross-site Scripting (XSS)

2023-07-0309:16:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
actionpack
xss
redirect_to
vulnerability
url
illegal characters
rfc compliance
http response headers
cross-site scripting attacks
redirecting.rb
downstream services
JSON

actionpack is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the redirect_to functio of redirecting.rb does not properly check the provided URL for illegal characters, resulting in the downstream services which enforce RFC compliance on HTTP response headers to remove the assigned location header, possibly resulting in cross-site scripting attacks.

Related

ubuntucve 1
osv 1
hackerone 1
cve 1
ibm 2
debiancve 1
rubygems 1
nessus 2
redhatcve 1
openvas 1
github 1
redhat 1
ubuntucve
ubuntucve
CVE-2023-28362
2023-07-17 00:00:00
osv
osv
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
2023-06-29 15:03:16
hackerone
hackerone
Ruby on Rails: Incorrect handling of certain characters passed to the redirection functionality in Rails can lead to a single-click XSS vulnerability.
2023-04-20 01:32:01
cve
cve
CVE-2023-28362
2023-07-14 16:32:27
ibm
ibm
Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2023-28362) and could allow cross-site scripting.
2023-09-22 08:32:45
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
2023-07-27 09:18:06
debiancve
debiancve
CVE-2023-28362
2023-07-14 16:32:27
rubygems
rubygems
Possible XSS via User Supplied Values to redirect_to
2023-06-25 21:00:00
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2023:3229-1)
2023-08-09 00:00:00
RHEL 8 : Satellite 6.14.1 Async Security Update (Moderate) (RHSA-2023:7851)
2024-04-28 00:00:00
redhatcve
redhatcve
CVE-2023-28362
2023-07-13 16:35:45
openvas
openvas
openSUSE: Security Advisory for rubygem (SUSE-SU-2023:3229-1)
2024-03-04 00:00:00
github
github
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
2023-06-29 15:03:16
redhat
redhat
(RHSA-2023:7851) Moderate: Satellite 6.14.1 Async Security Update
2023-12-14 16:20:36
JSON
Related for VERACODE:41112
ubuntucve1osv1hackerone1cve1ibm2debiancve1rubygems1nessus2redhatcve1openvas1github1redhat1