exploitDog

CVE-2022-27777

Published: 27 Apr 2022
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.

A flaw was found in rubygem-actionview when untrusted data such as the hash key for tag attributes are not properly escaped. This flaw allows an attacker to perform a Cross-site scripting attack.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | actionview | Out of support scope | | |
| Red Hat 3scale API Management Platform 2 | actionview | Will not fix | | |
| Red Hat Satellite 6.13 for RHEL 8 | rubygem-actionview | Fixed | RHSA-2023:2097 | 03.05.2023 |

Additional information

Status: Moderate
Defect: CWE-79
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2080296 (tfm-rubygem-actionview: Possible cross-site scripting vulnerability in Action View tag helpers)

EPSS: 0.0107 (Low), percentile: 77%

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 6.1
ubuntu
more than 3 years ago

A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.

CVSS3: 6.1
nvd
more than 3 years ago

A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.

CVSS3: 6.1
debian
more than 3 years ago

A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 wh ...

suse-cvrf
more than 3 years ago

Security update for rubygem-activesupport-5_1

CVSS3: 6.1
github
almost 4 years ago

XSS Vulnerability in Action View tag helpers
