A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
References
Link | Resource |
---|---|
https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534 | Exploit Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html | Mailing List Third Party Advisory |
https://www.debian.org/security/2023/dsa-5372 |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2022-05-26 10:15
Updated : 2023-03-14 01:15
NVD link : CVE-2022-27777
Mitre link : CVE-2022-27777
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
debian
- debian_linux
rubyonrails
- actionpack