Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails rails vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-3741
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on tar...
Rubyonrails Html Sanitizer
1 Github repository
8.1
CVSSv3
CVE-2017-17917
SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and previous versions allows remote malicious users to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that th...
Rubyonrails Rails
1 Github repository
8.1
CVSSv3
CVE-2017-17916
SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and previous versions allows remote malicious users to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states tha...
Rubyonrails Rails
8.1
CVSSv3
CVE-2017-17919
SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and previous versions allows remote malicious users to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states th...
Rubyonrails Ruby On Rails
8.1
CVSSv3
CVE-2017-17920
SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and previous versions allows remote malicious users to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states tha...
Rubyonrails Ruby On Rails
5.3
CVSSv3
CVE-2016-2097
Directory traversal vulnerability in Action View in Ruby on Rails prior to 3.2.22.2 and 4.x prior to 4.1.14.2 allows remote malicious users to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname...
Rubyonrails Rails 4.0.4
Rubyonrails Rails 4.1.9
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.12
Rubyonrails Rails 4.1.10
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.0.6
Rubyonrails Rails 4.0.5
Rubyonrails Rails 4.0.1
Rubyonrails Ruby On Rails
Rubyonrails Rails 4.1.6
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.14
Rubyonrails Rails 4.1.13
Rubyonrails Rails 4.0.10
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.1.7
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.1
Rubyonrails Rails 4.0.8
Rubyonrails Rails 4.0.7
7.3
CVSSv3
CVE-2016-2098
Action Pack in Ruby on Rails prior to 3.2.22.2, 4.x prior to 4.1.14.2, and 4.2.x prior to 4.2.5.2 allows remote malicious users to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
Debian Debian Linux 8.0
Rubyonrails Rails 4.2.4
Rubyonrails Rails 4.2.3
Rubyonrails Rails 4.2.1
Rubyonrails Rails 4.2.0
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.1.9
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.12
Rubyonrails Rails 4.1.10
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.0.6
Rubyonrails Rails 4.0.5
Rubyonrails Rails 4.0.1
Rubyonrails Ruby On Rails
Rubyonrails Rails 4.2.5
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.1.14
Rubyonrails Rails 4.1.13
Rubyonrails Rails 4.0.10
1 EDB exploit
10 Github repositories
6.1
CVSSv3
CVE-2015-7578
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem prior to 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via crafted tag attributes.
Rubyonrails Html Sanitizer
6.1
CVSSv3
CVE-2015-7579
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.
Rubyonrails Html Sanitizer
6.1
CVSSv3
CVE-2015-7580
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem prior to 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via a crafted CDATA node.
Rubyonrails Html Sanitizer
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »