Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spina prior to 2.15.1.
Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spina prior to 2.15.1.
The application is vulnerable to Cross-Site Request Forgery because of the lack of "protect_from_forgery" in the Rails controllers.