Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-9chr-4fjh-5rgw: Cross-site Scripting in actionpack

actionpack from the Ruby on Rails project is vulnerable to Cross-site Scripting in the Route Error Page. This issue has been patched with this commit. There are no known workarounds for this issue.

ghsa
#xss#git#ruby

Cross-site Scripting in actionpack

Low severity GitHub Reviewed Published Oct 27, 2022 • Updated Oct 28, 2022

Related news

CVE-2022-3704: ¬ XSS within Route Error Page · Issue #46244 · rails/rails

A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319.