CVE-2023-25309: Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui gem
(updated )
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality.
References
- cxsecurity.com/issue/WLB-2023050012
- github.com/advisories/GHSA-5xq9-h3j2-jxvc
- github.com/fetlife/rollout-ui
- github.com/fetlife/rollout-ui/commit/713d9c2edd4d7b0d8c287bea960d3c6bd2c5b306
- github.com/fetlife/rollout-ui/pull/15
- github.com/fetlife/rollout-ui/releases/tag/v0.5.3
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rollout-ui/CVE-2023-25309.yml
- nvd.nist.gov/vuln/detail/CVE-2023-25309
- packetstormsecurity.com/files/172185/Rollout-UI-0.5-Cross-Site-Scripting.html
Code Behaviors & Features
Detect and mitigate CVE-2023-25309 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →