Ruby on Rails Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-26143
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate or t on a controller, with a key ending in "_html", a :default key which contains untrusted user input, and the resulting string is used in a view, may be susceptible to an XSS vulnerability. The vulnerability is fixed in 7.1.3.1 and 7.0.8.1.
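One way to locate call sites that match these conditions while planning the upgrade, as an added example that is not part of the advisory or of Rails: a regex heuristic over controller source. The names `audit_controller` and `Finding` and the sample controller are constructed for illustration.

```ruby
# Added example: heuristic audit for the call pattern described in this advisory.
# A hit means "review this call and upgrade", not "proven exploitable".

# t(...) / translate(...) with a literal key. The lookbehind skips I18n.t and
# other receivers, since the advisory concerns the controller helpers.
CALL = /(?<![.\w])(?:t|translate)\s*\(?\s*(?<key>"[^"]*"|'[^']*'|:\w+)(?<rest>.*)/
DEFAULT_OPT = /\bdefault:|:default\s*=>/

Finding = Struct.new(:file, :line, :key, :source)

# Returns a Finding for every single-line call whose key ends in "_html"
# and that also passes a :default option. Multi-line calls are not handled.
def audit_controller(source, file = "(inline)")
  findings = []
  source.each_line.with_index(1) do |text, lineno|
    next if text.lstrip.start_with?("#")            # ignore comment lines
    m = CALL.match(text)
    next unless m
    key = m[:key].sub(/\A["':]/, "").sub(/["']\z/, "")
    next unless key.end_with?("_html") && m[:rest].match?(DEFAULT_OPT)
    findings << Finding.new(file, lineno, key, text.strip)
  end
  findings
end

# Constructed sample controller (not taken from any real application).
SAMPLE = <<~'RUBY'
  class ArticlesController < ApplicationController
    def show
      @message = t("message_html", default: params[:msg])
      @title   = t("title", default: params[:title])
      @intro   = translate(:intro_html)
      @note    = I18n.t("note_html", default: params[:note])
      @legacy  = translate 'legacy_html', :default => params[:legacy]
    end
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  audit_controller(SAMPLE, "articles_controller.rb").each do |f|
    puts "#{f.file}:#{f.line}: key #{f.key.inspect} with :default -> #{f.source}"
  end
end
```

Each flagged line still needs a manual check of whether the :default value can carry user input and whether the result reaches a view.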