|Max CVSS||6.5||Min CVSS||1.9||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.
|04-05-2021 - 09:08||07-12-2013 - 00:55|
Nokogiri before 1.5.4 is vulnerable to XXE attacks.
|25-02-2020 - 18:35||19-02-2020 - 15:15|
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.
|22-11-2019 - 09:15||27-03-2018 - 17:29|
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes ca
|09-10-2019 - 23:40||30-03-2018 - 19:29|
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or
|09-10-2019 - 23:27||27-07-2018 - 13:29|
|09-10-2019 - 23:24||27-07-2018 - 15:29|
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
|26-02-2019 - 15:03||31-05-2018 - 19:29|
CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate.
|05-01-2018 - 02:30||08-06-2017 - 18:29|
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.
|15-06-2017 - 19:56||08-06-2017 - 18:29|
Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain priv
|18-04-2016 - 12:36||11-04-2016 - 21:59|