ankane

4 exploits Active since Jun 2019
CVE-2019-18841 WRITEUP HIGH WRITEUP
Chartkick.js <3.1.4 - Info Disclosure
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
CVSS 7.3
CVE-2019-12732 WRITEUP MEDIUM WRITEUP
Chartkick < 3.1.0 - Cross-Site Scripting
The Chartkick gem through 3.1.0 for Ruby allows XSS.
CVSS 4.7
CVE-2020-16253 WRITEUP HIGH WRITEUP
pghero < 2.6.0 - Cross-Site Request Forgery
The PgHero gem through 2.6.0 for Ruby allows CSRF.
CVSS 8.1
CVE-2020-16254 WRITEUP MEDIUM WRITEUP
Chartkick < 3.3.2 - CSS Injection
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute).
CVSS 6.1