Search Results (Refine Search)
- CPE Product Version: cpe:/a:rubyonrails:actionview:6.0.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-5267 |
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2. Published: March 19, 2020; 2:15:16 PM -0400 |
V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |