Moderate severityNVD Advisory· Published May 11, 2023· Updated Jan 27, 2025
CVE-2023-25309
CVE-2023-25309
Description
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rollout-uiRubyGems | < 0.5.3 | 0.5.3 |
Affected products
2- Fetlife/rollout-uidescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
10- github.com/advisories/GHSA-5xq9-h3j2-jxvcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-25309ghsaADVISORY
- cxsecurity.com/issue/WLB-2023050012ghsaWEB
- github.com/fetlife/rollout-ui/commit/713d9c2edd4d7b0d8c287bea960d3c6bd2c5b306ghsaWEB
- github.com/fetlife/rollout-ui/pull/15ghsaWEB
- github.com/fetlife/rollout-ui/releases/tag/v0.5.3ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rollout-ui/CVE-2023-25309.ymlghsaWEB
- packetstormsecurity.com/files/172185/Rollout-UI-0.5-Cross-Site-Scripting.htmlghsaWEB
- fetlife.commitre
- rollout-ui.commitre
News mentions
0No linked articles in our index yet.