6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.6 Medium
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.1%
Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2.
CPE | Name | Operator | Version |
---|---|---|---|
rails | eq | 3.1.0.beta1 | |
rails | eq | 4.2.0.beta1 | |
rails | eq | 3.2.0.rc1 | |
rails | eq | 6.1.0.rc1 | |
rails | eq | 2.1.0_RC1 | |
rails | eq | 3.0.0.beta.2 | |
rails | eq | 2.3.2.1 | |
rails | eq | 7.0.0.alpha1 | |
rails | eq | 7.0.0.alpha2 | |
rails | eq | 0.10.1 |
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.6 Medium
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.1%