Описание
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui gem
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-25309
- https://github.com/fetlife/rollout-ui/pull/15
- https://github.com/fetlife/rollout-ui/commit/713d9c2edd4d7b0d8c287bea960d3c6bd2c5b306
- https://cxsecurity.com/issue/WLB-2023050012
- https://github.com/fetlife/rollout-ui/releases/tag/v0.5.3
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rollout-ui/CVE-2023-25309.yml
- https://packetstormsecurity.com/files/172185/Rollout-UI-0.5-Cross-Site-Scripting.html
Пакеты
Наименование
rollout-ui
rubygems
Затронутые версииВерсия исправления
< 0.5.3
0.5.3
Связанные уязвимости
CVSS3: 6.1
nvd
больше 2 лет назад
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality.