Veracode Vulnerability DatabaseVERACODE:45668Cross-Site Scripting (XSS)
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.3 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.5%
Rails is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user input in the translation helpers, specifically in the handling of the default option. This flaw allows an attacker to inject malicious JavaScript code into the browser, resulting in Cross-Site scripting (XSS).
References
discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
github.com/advisories/GHSA-9822-6m93-xqf4
github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc
github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e
github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4
github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml
security.netapp.com/advisory/ntap-20240510-0004/
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.3 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.5%