VYPR
Moderate severityNVD Advisory· Published Mar 19, 2020· Updated Aug 4, 2024

Possible XSS vulnerability in ActionView

CVE-2020-5267

Description

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escape_javascript methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
actionviewRubyGems
< 5.2.4.25.2.4.2
actionviewRubyGems
>= 6.0.0, < 6.0.2.26.0.2.2

Affected products

19

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.