3 results

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sinatrateam Sinatra allows Stored XSS. This issue affects Sinatra: from n/a through 1.3. The Sinatra theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions ... • https://patchstack.com/database/vulnerability/sinatra/wordpress-sinatra-theme-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

02 May 2022 — Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. A flaw was found in Sinatra when serving static files from the public directory. The requested path is not validated to be within the public directory, allowing files outside of the public directory to be served. Red Hat Satellite is a systems management tool for Linux-based ... • https://github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 1

31 May 2018 — Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller fram... • https://access.redhat.com/errata/RHSA-2019:0212 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')