GUI

1 exploit Active since Mar 2020
CVE-2020-5267 NOMISEC MEDIUM WRITEUP
ActionView < 5.2.4.2 - Cross-Site Scripting via JavaScript Literal Escape Helpers
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.
1 stars
CVSS 4.0