CVE-2023-25309

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in gem/rollout-ui

Identifiers

CVE-2023-25309

Package Slug

gem/rollout-ui

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

A cross-site scripting (XSS) vulnerability in Fetlife rollout-ui version 0.5 allows attackers to execute arbitrary code via a crafted URL sent to the "delete a feature" functionality.

Affected Versions

All versions up to 0.5

Solution

Upgrade to version 0.5.1 or above.

Last Modified

2023-05-22
