oval:org.secpod.oval:def:505115
Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: * It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A rem ...

oval:org.secpod.oval:def:505059
Ruby on Rails is a model-view-controller framework for web application development. Action View implements the view component. Security Fix: * It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could u ...

oval:org.secpod.oval:def:504870
Ruby on Rails is a model-view-controller framework for web application development. Action View implements the view component, and Active Record implements the model component. Security Fix in rubygem-actionview: * It was discovered that Action View tag helpers did not escape quotes when using stri ...

oval:org.secpod.oval:def:504898
Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: * It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A rem ...

oval:org.secpod.oval:def:111263
Simple, battle-tested conventions and helpers for building web pages.

oval:org.secpod.oval:def:111260
Simple, battle-tested conventions and helpers for building web pages.

oval:org.secpod.oval:def:602597
Andrew Carpenter of Critical Juncture discovered a cross-site scripting vulnerability affecting Action View in rails, a web application framework written in Ruby. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers.