RSS   Vulnerabilities for 'Actionview'   RSS

2020-03-19
 
CVE-2020-5267

CWE-79
 

 
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.

 

 >>> Vendor: Rubyonrails 12 Products
Ruby on rails
Rails
Ruby on ra2000ils
Jquery-rails
Jquery-ujs
Web console
Html sanitizer
Active job
Active storage
Actionview
Actionpack page-caching
Active resource


Copyright 2020, cxsecurity.com

 

Back to Top