Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2023-28362
HistoryJul 13, 2023 - 4:35 p.m.

CVE-2023-28362

2023-07-1316:35:45
redhat.com
access.redhat.com
15
cross-site scripting
xss
http header
JSON

A Cross-site Scripting (XSS) vulnerability was found in Actionpack due to improper sanitization of user-supplied values. This allows provided values to contain characters that are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned location header.

Related

hackerone 1
veracode 1
nessus 2
github 1
openvas 1
osv 1
ubuntucve 1
ibm 2
debiancve 1
cve 1
rubygems 1
redhat 1
hackerone
hackerone
Ruby on Rails: Incorrect handling of certain characters passed to the redirection functionality in Rails can lead to a single-click XSS vulnerability.
2023-04-20 01:32:01
veracode
veracode
Cross-site Scripting (XSS)
2023-07-03 09:16:23
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2023:3229-1)
2023-08-09 00:00:00
RHEL 8 : Satellite 6.14.1 Async Security Update (Moderate) (RHSA-2023:7851)
2024-04-28 00:00:00
github
github
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
2023-06-29 15:03:16
openvas
openvas
openSUSE: Security Advisory for rubygem (SUSE-SU-2023:3229-1)
2024-03-04 00:00:00
osv
osv
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
2023-06-29 15:03:16
ubuntucve
ubuntucve
CVE-2023-28362
2023-07-17 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2023-28362) and could allow cross-site scripting.
2023-09-22 08:32:45
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
2023-07-27 09:18:06
debiancve
debiancve
CVE-2023-28362
2023-07-14 16:32:27
cve
cve
CVE-2023-28362
2023-07-14 16:32:27
rubygems
rubygems
Possible XSS via User Supplied Values to redirect_to
2023-06-25 21:00:00
redhat
redhat
(RHSA-2023:7851) Moderate: Satellite 6.14.1 Async Security Update
2023-12-14 16:20:36
JSON
Related for RH:CVE-2023-28362
hackerone1veracode1nessus2github1openvas1osv1ubuntucve1ibm2debiancve1cve1rubygems1redhat1