Approved changes feed: RSS · Atom
cpe:2.3:a:rails:rails-ujs:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Rails (c2f75d8c-3de5-5ca8-bae8-6b2589edf586) |
|---|---|
| Product | Rails Ujs (469f6563-f423-59a6-b114-69b46b428517) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-23913 |
vulnerable | 2026-06-08 05:56:04.778055 |
Details available
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute.
Published: 2025-01-09T00:33:47.769Z
Updated: 2025-01-09T17:09:39.091Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.