RubyGems package
oxidized-web
pkg:gem/oxidized-web
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-27590 | — | | | < 0.15.0 | 0.15.0 | Mar 3, 2025 | In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web. |
| CVE-2019-25088 | — | | | <= 0.13.1 | — | Dec 27, 2022 | A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross site scripting. It is possible to launch the att |