Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui gem v0.5
Published: May 23, 2023
SECURITY IDENTIFIERS
- CVE: CVE-2023-25309 (NVD)
- GHSA: GHSA-5xq9-h3j2-jxvc
GEM
SEVERITY
CVSS v3.x: 6.1 (Medium)
PATCHED VERSIONS
>= 0.5.3
DESCRIPTION
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality.
RELATED
- https://nvd.nist.gov/vuln/detail/CVE-2023-25309
- https://github.com/fetlife/rollout-ui/releases/tag/v0.5.3
- https://github.com/fetlife/rollout-ui/pull/15
- https://github.com/fetlife/rollout-ui/pull/15/commits/6d202d2cbcae3dd9b92c1f5ab7be17b48d78c045
- https://advisories.gitlab.com/pkg/gem/rollout-ui/CVE-2023-25309
- https://github.com/advisories/GHSA-5xq9-h3j2-jxvc