CVE-2023-25309
gem/rollout-ui
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A cross-site scripting (XSS) vulnerability in Fetlife rollout-ui version 0.5 allows attackers to execute arbitrary code via a crafted URL to the "delete a feature" functionality.
All versions up to 0.5
Upgrade to version 0.5.1 or above.
2023-05-22