Vulnerability Information
Vulnerability Title
Rails Possible XSS Vulnerability in Action Controller
Vulnerability Description
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications may be susceptible to XSS when they call a translation method such as translate or t on a controller with a key ending in "_html" and a :default key which contains untrusted user input, and the resulting string is then used in a view. The vulnerability is fixed in 7.1.3.1 and 7.0.8.1.
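An added example, not code from the advisory or from Rails: a heuristic Ruby audit that scans controller source for the call shape the description names (t or translate, a key ending in "_html", a :default option) and separates static defaults from ones that may carry request data. The function name, the regexes and the sample controller are constructed for illustration.

```ruby
# Added audit sketch, not Rails code. Flags controller calls to t/translate
# whose key ends in "_html" and that pass a :default option.
# Line-based heuristic: multi-line calls and computed keys are not covered.
# I18n.t(...) is skipped because the advisory names the controller helpers.

CALL_RE    = /(?<![\w.])(?:translate|t)[ (]\s*(?:["']|:)(?<key>[\w.]+)["']?(?<rest>.*)/
DEFAULT_RE = /(?:\bdefault:|:default\s*=>)\s*(?<value>.+?)\s*\)?\s*\z/
# Static default: a symbol, or a string literal without interpolation.
# Anything else (including a default followed by more options) is reported
# as dynamic so that a person reviews it.
STATIC_RE  = /\A(?::\w+|"(?:(?!\#\{)[^"])*"|'[^']*')\z/

def risky_translate_calls(source)
  findings = []
  source.each_line.with_index(1) do |line, lineno|
    next if line.strip.start_with?("#")          # skip whole-line comments
    call = CALL_RE.match(line.chomp)
    next unless call && call[:key].end_with?("_html")
    default = DEFAULT_RE.match(call[:rest])
    next unless default                          # no :default, not this pattern
    findings << { line: lineno, key: call[:key], default: default[:value],
                  static: STATIC_RE.match?(default[:value]) }
  end
  findings
end

# Constructed controller source used as sample input.
SAMPLE = <<~'RUBY'
  class PostsController < ApplicationController
    def show
      @title  = t("posts.title_html", default: params[:title])
      @intro  = t(".intro_html", default: "Welcome")
      @footer = translate(:footer, default: params[:footer])
      @note   = t "posts.note_html", default: "Hi #{params[:name]}"
    end
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  risky_translate_calls(SAMPLE).each do |f|
    level = f[:static] ? "info" : "REVIEW"
    puts "#{level}: line #{f[:line]} key=#{f[:key]} default=#{f[:default]}"
  end
end
```

Lines reported as REVIEW are candidates only; whether the default really contains untrusted input and whether the result reaches a view still has to be checked by hand.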
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
Vulnerability Title
Rails Security Vulnerability
Vulnerability Description
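Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. Rails 7.0.0 and earlier versions contain a security vulnerability that stems from a cross-site scripting (XSS) flaw when the translation helpers are used in Action Controller.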
CVSS Information
N/A
Vulnerability Type
N/A