EPSS Percentile: 40.7%
oxidized-web is vulnerable to cross-site scripting (XSS). The vulnerability exists in conf_search.haml: manipulation of the to_research argument allows an attacker to inject and execute arbitrary JavaScript.
github.com/advisories/GHSA-8qwh-rm6c-jv96
github.com/ytti/oxidized-web/commit/55ab9bdc68b03ebce9280b8746ef31d7fdedcc45
github.com/ytti/oxidized-web/pull/195
vuldb.com/?ctiid.216870
vuldb.com/?id.216870