Filtered by vendor Rubyonrails
Subscriptions
Filtered by product Actionpack
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33167 | 1 Rubyonrails | 1 Actionpack | 2026-03-25 | 5.4 Medium |
| Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled (`config.consider_all_requests_local = true`), which is the default in development. Version 8.1.2.1 contains a patch. | ||||
| CVE-2022-27777 | 3 Debian, Redhat, Rubyonrails | 3 Debian Linux, Satellite, Actionpack | 2024-11-21 | 6.1 Medium |
| A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | ||||
| CVE-2022-22577 | 3 Debian, Redhat, Rubyonrails | 3 Debian Linux, Satellite, Actionpack | 2024-11-21 | 6.1 Medium |
| An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. | ||||
Page 1 of 1.