|Max CVSS||9.0||Min CVSS||3.5||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.
|04-05-2021 - 09:08||07-12-2013 - 00:55|
Nokogiri before 1.5.4 is vulnerable to XXE attacks
|25-02-2020 - 18:35||19-02-2020 - 15:15|
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.
|22-11-2019 - 09:15||27-03-2018 - 17:29|
There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes ca
|09-10-2019 - 23:40||30-03-2018 - 19:29|
|09-10-2019 - 23:24||27-07-2018 - 15:29|
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook sour
|09-10-2019 - 23:22||27-07-2018 - 16:29|
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace looku
|03-10-2019 - 00:03||23-08-2017 - 14:29|
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
|26-02-2019 - 15:03||31-05-2018 - 19:29|