Zack Deveau

CVE-2023-23913 WRITEUP MEDIUM WRITEUP

Rails-ujs - XSS

There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute.

CVSS 6.3

View Code

CVE-2023-28362 WRITEUP MEDIUM WRITEUP

Rails - Open Redirect

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header.

CVSS 4.0

View Code

CVE-2024-28103 WRITEUP MEDIUM WRITEUP

Rails < 6.1.7.8 - Improper Input Validation

Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.

CVSS 5.4

View Code

CVE-2024-32464 WRITEUP MEDIUM WRITEUP

Action Text <7.1.3.4,7.2.0.beta2 - XSS

Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2.

CVSS 6.1

View Code