
CVE-2020-5267 – Possible XSS vulnerability in ActionView
https://notcve.org/view.php?id=CVE-2020-5267
19 Mar 2020 — In ActionView versions before 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2. • https://github.com/GUI/legacy-rails-CVE-2020-5267-patch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)