| CVE-2022-27777 |
high |
— |
8.0 |
|
|
|
4y ago |
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. |
| CVE-2016-6316 |
medium |
6.1 |
6.1 |
|
|
|
10y ago |
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or… |
| CVE-2016-2097 |
medium |
5.3 |
5.3 |
|
|
|
10y ago |
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted u… |
| CVE-2011-0446 |
medium |
— |
4.3 |
|
|
|
9y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbi… |
| CVE-2026-33168 |
low |
— |
2.5 |
|
|
|
2mo ago |
Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in… |
| CVE-2019-5418 |
unknown |
— |
2.5 |
|
|
|
7y ago |
Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server… |
| CVE-2016-0752 |
unknown |
— |
2.5 |
|
|
|
11y ago |
Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files. |
| CVE-2020-8163 |
unknown |
— |
1.0 |
|
|
|
6y ago |
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. |
| CVE-2023-23913 |
unknown |
— |
— |
|
|
|
3y ago |
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potentia… |
| CVE-2020-15169 |
unknown |
— |
— |
|
|
|
6y ago |
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default… |
| CVE-2020-8167 |
unknown |
— |
— |
|
|
|
6y ago |
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. |
| CVE-2020-5267 |
unknown |
— |
— |
|
|
|
6y ago |
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may b… |
| CVE-2019-5419 |
unknown |
— |
— |
|
|
|
7y ago |
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and… |
