Description
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.
References
- Mailing List, Third Party Advisory
- Exploit, Mailing List, Patch, Third Party Advisory
- Patch, Third Party Advisory
- Exploit, Patch, Third Party Advisory
- Mailing List, Third Party Advisory
- EPSS
- CVSS3: 4 Medium
- CVSS3: 4.8 Medium
- CVSS2: 3.5 Low