Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails rails vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-23518
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.
Rubyonrails Rails Html Sanitizers
Debian Debian Linux 10.0
Loofah Project Loofah
6.1
CVSSv3
CVE-2022-32209
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3#...
Rubyonrails Rails Html Sanitizers
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2022-22577
An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an malicious user to bypass CSP for non HTML like responses.
Rubyonrails Actionpack
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2022-27777
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an malicious user to inject content if able to control input into specific attributes.
Rubyonrails Actionpack
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2021-44528
A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an malicious user to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect u...
Rubyonrails Rails 7.0.0
Rubyonrails Rails 6.1.4.2
Rubyonrails Rails 6.0.4.2
6.1
CVSSv3
CVE-2011-1497
A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.
Rubyonrails Rails
6.1
CVSSv3
CVE-2021-22942
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow malicious users to redirect users to a malicious website.
Rubyonrails Rails
6.1
CVSSv3
CVE-2021-22903
The actionpack ruby gem prior to 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious we...
Rubyonrails Rails 6.1.0
Rubyonrails Rails
6.1
CVSSv3
CVE-2021-22881
The Host Authorization middleware in Action Pack prior to 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redi...
Rubyonrails Rails
Fedoraproject Fedora 33
6.1
CVSSv3
CVE-2020-8264
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an malicious user to send or embed (in another page) a specially crafted URL which can allow the malicious user to execute JavaScript in the context of t...
Rubyonrails Rails
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »