Cross-site Scripting (XSS)

🗓️ 07 Nov 2018 02:13:30Reported by Veracode Vulnerability DatabaseType

The software is vulnerable to cross-site scripting (XSS) attacks due to lack of sanitization in 'Rack::Request' 'scheme' method

Reporter	Title	Published	Views	Family All 82
BDU FSTEC	The vulnerability of the Rack module in the Ruby programming language allows attackers to compromise data integrity.	1 Oct 201900:00	–	bdu_fstec
CNVD	Rack Cross-Site Scripting Vulnerability	15 Nov 201800:00	–	cnvd
CVE	CVE-2018-16471	13 Nov 201823:00	–	cve
Cvelist	CVE-2018-16471	13 Nov 201823:00	–	cvelist
Debian	[SECURITY] [DLA 1585-1] ruby-rack security update	21 Nov 201813:27	–	debian
Debian CVE	CVE-2018-16471	13 Nov 201823:00	–	debiancve
Tenable Nessus	Debian DLA-1585-1 : ruby-rack security update	23 Nov 201800:00	–	nessus
Tenable Nessus	Fedora 28 : 1:rubygem-rack (2018-02e965a729)	3 Jan 201900:00	–	nessus
Tenable Nessus	Fedora 27 : 1:rubygem-rack (2018-5743ef02a1)	28 Nov 201800:00	–	nessus
Tenable Nessus	Fedora 29 : 1:rubygem-rack (2018-e8ff8b7f8e)	3 Jan 201900:00	–	nessus

Vulners

Node

rack_project rackRange2.0.0.alpha–2.0.5ruby

rack_project rackRange0.1.0–1.6.10ruby

Source	Link
lists	www.lists.debian.org/debian-lts-announce/2018/11/msg00022.html
github	www.github.com/rack/rack/commit/97ca63d87d88b4088fb1995b14103d4fe6a5e594
github	www.github.com/rack/rack/commit/313dd6a05a5924ed6c82072299c53fed09e39ae7
groups	www.groups.google.com/forum/
lists	www.lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html
lists	www.lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html
github	www.github.com/rubysec/ruby-advisory-db/pull/369
usn	www.usn.ubuntu.com/4089-1/

08 Nov 2023 00:18Current

5.6Medium risk

Vulners AI Score5.6

CVSS 24.3

CVSS 36.1

EPSS0.01816