Count: 13
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-cfjv-5498-mph5: XSS in Action View | CVSS3: 5.4 | 1% (Low) | more than 5 years ago |
| CVE-2020-15169: In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory. | CVSS3: 5.4 | 1% (Low) | more than 5 years ago |
| CVE-2020-15169: In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory. | CVSS3: 6.1 | 1% (Low) | more than 5 years ago |
| CVE-2020-15169: In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory. | CVSS3: 5.4 | 1% (Low) | more than 5 years ago |
| CVE-2020-15169: In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potentia ... | CVSS3: 5.4 | 1% (Low) | more than 5 years ago |
| BDU:2021-03552: Vulnerability in the translate function of translation_helper.rb in the Ruby on Rails framework, caused by a failure to preserve web page structure, allowing an attacker to affect data integrity | CVSS3: 6.1 | 1% (Low) | more than 5 years ago |
| ROS-20250625-07: Vulnerability in rubygem-actionview | CVSS3: 6.1 | 1% (Low) | 7 months ago |
| SUSE-SU-2023:2059-1: Security update for rubygem-actionview-5_1 | | | more than 2 years ago |
| openSUSE-SU-2020:2000-1: Security update for rmt-server | | | about 5 years ago |
| openSUSE-SU-2020:1993-1: Security update for rmt-server | | | about 5 years ago |
| SUSE-SU-2020:3160-1: Security update for rmt-server | | | about 5 years ago |
| SUSE-SU-2020:3147-1: Security update for rmt-server | | | about 5 years ago |
| SUSE-SU-2020:3036-1: Security update for rmt-server | | | about 5 years ago |