CVE-2023-25309 (rollout-ui): Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui gem v0.5

ADVISORIES

CVE-2023-25309 (NVD)
GHSA-5xq9-h3j2-jxvc

GEM

rollout-ui

SEVERITY

CVSS v3.x: 6.1 (Medium)

PATCHED VERSIONS

>= 0.5.3

DESCRIPTION

Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality.

https://nvd.nist.gov/vuln/detail/CVE-2023-25309
https://github.com/fetlife/rollout-ui/releases/tag/v0.5.3
https://github.com/fetlife/rollout-ui/pull/15
https://github.com/fetlife/rollout-ui/pull/15/commits/6d202d2cbcae3dd9b92c1f5ab7be17b48d78c045
https://advisories.gitlab.com/pkg/gem/rollout-ui/CVE-2023-25309
https://github.com/advisories/GHSA-5xq9-h3j2-jxvc

RubySec

CVE-2023-25309 (rollout-ui): Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui gem v0.5

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories