rpm package
suse/rubygem-actionview-5_1&distro=SUSE Linux Enterprise High Availability Extension 15 SP1
pkg:rpm/suse/rubygem-actionview-5_1&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-23913 | Med | 6.3 | < 5.1.4-150000.3.9.1 | 5.1.4-150000.3.9.1 | Jan 9, 2025 | There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a | |
| CVE-2022-27777 | — | < 5.1.4-150000.3.6.1 | 5.1.4-150000.3.6.1 | May 26, 2022 | A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | ||
| CVE-2020-15169 | — | < 5.1.4-150000.3.6.1 | 5.1.4-150000.3.6.1 | Sep 11, 2020 | In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS | ||
| CVE-2020-8167 | — | < 5.1.4-150000.3.6.1 | 5.1.4-150000.3.6.1 | Jun 19, 2020 | A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. | ||
| CVE-2020-5267 | — | < 5.1.4-3.3.1 | 5.1.4-3.3.1 | Mar 19, 2020 | In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2. |
- affected < 5.1.4-150000.3.9.1fixed 5.1.4-150000.3.9.1
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a
- CVE-2022-27777May 26, 2022affected < 5.1.4-150000.3.6.1fixed 5.1.4-150000.3.6.1
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
- CVE-2020-15169Sep 11, 2020affected < 5.1.4-150000.3.6.1fixed 5.1.4-150000.3.6.1
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS
- CVE-2020-8167Jun 19, 2020affected < 5.1.4-150000.3.6.1fixed 5.1.4-150000.3.6.1
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.
- CVE-2020-5267Mar 19, 2020affected < 5.1.4-3.3.1fixed 5.1.4-3.3.1
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.