VYPR

rpm package

suse/rubygem-actionview-5_1&distro=SUSE Linux Enterprise High Availability Extension 15 SP2

pkg:rpm/suse/rubygem-actionview-5_1&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2

Vulnerabilities (4)

  • CVE-2023-23913MedJan 9, 2025
    affected < 5.1.4-150000.3.9.1fixed 5.1.4-150000.3.9.1

    There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a

  • CVE-2022-27777May 26, 2022
    affected < 5.1.4-150000.3.6.1fixed 5.1.4-150000.3.6.1

    A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.

  • CVE-2020-15169Sep 11, 2020
    affected < 5.1.4-150000.3.6.1fixed 5.1.4-150000.3.6.1

    In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS

  • CVE-2020-8167Jun 19, 2020
    affected < 5.1.4-150000.3.6.1fixed 5.1.4-150000.3.6.1

    A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.