) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- CPE Product Version: cpe:/a:rubyonrails:actionview:6.0.0
There are 1 matching records.
Displaying matches 1 through 1.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2020-5267 |
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2. Published: March 19, 2020; 2:15:16 PM -0400 |
V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |