
CVE-2023-28120 – rubygem-activesupport: Possible XSS in SafeBuffer#bytesplice
https://notcve.org/view.php?id=CVE-2023-28120
17 Apr 2023 — There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. A cross-site scripting vulnerability was found in rubygem ActiveSupport: if the new bytesplice method is called on a SafeBuffer with untrusted user input, malicious code could be executed. Two vulnerabilities were discovered in rails, the Ruby-based server-side MVC web application framework, which could lead to XSS and DOM-based cross-site scripting (CRS). This update also fixes a regr...

• https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
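The bug class behind this advisory, as an added toy model rather than ActiveSupport's own code: a buffer flagged html_safe is emitted unescaped, so every in-place String mutator that can write untrusted bytes into it must clear the flag, and a mutator missing from that list (in the real case, Ruby 3.2's new String#bytesplice) lets raw markup through. The class names, the mutator list and the use of `prepend` as the stand-in for the uncovered mutator are all assumptions made for this example.

```ruby
# Toy model of the SafeBuffer "mark unsafe on mutation" pattern (constructed
# for this example, not ActiveSupport's code). The flag is cleared by every
# listed mutator; one left off the list keeps the flag and renders untrusted
# markup raw, which is the shape of CVE-2023-28120 (bytesplice was the gap).
class ToySafeBuffer < String
  ESCAPES = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;",
              '"' => "&quot;", "'" => "&#39;" }.freeze
  # Assumed list: `prepend` is deliberately omitted to stand in for the gap.
  UNSAFE_MUTATORS = ["insert", "concat", "replace", "[]="].freeze

  def initialize(str = "")
    super
    @html_safe = true
  end

  def html_safe?
    @html_safe
  end

  UNSAFE_MUTATORS.each do |name|
    define_method(name) do |*args|
      @html_safe = false # an in-place write invalidates the safety claim
      super(*args)
    end
  end

  # Output path: escape the whole buffer unless it is still marked safe.
  def to_html
    plain = String.new(self)
    html_safe? ? plain : plain.gsub(/[&<>"']/) { |c| ESCAPES[c] }
  end
end

# Patched variant: the previously uncovered mutator now clears the flag too.
class FixedSafeBuffer < ToySafeBuffer
  define_method(:prepend) do |*args|
    @html_safe = false
    super(*args)
  end
end

# Write untrusted input into a fresh buffer of the given class through the
# uncovered mutator and render it. Returns [html_safe?, rendered_html].
def render_with_prepend(klass, untrusted)
  buf = klass.new("<b>hello</b>")
  buf.prepend(untrusted)
  [buf.html_safe?, buf.to_html]
end
```

Run `render_with_prepend(ToySafeBuffer, input)` and `render_with_prepend(FixedSafeBuffer, input)` side by side: the first keeps the safe flag and emits the input verbatim, the second drops the flag and escapes the whole buffer.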