GHSA-8qwh-rm6c-jv96

GitHub Security Advisory

Oxidized Web vulnerable to Cross-site Scripting

✓ GitHub Reviewed | Severity: MODERATE | Has CVE

Advisory Details

A cross-site scripting vulnerability was found in ytti Oxidized Web and has been classified as problematic. It affects an unknown function of the file `lib/oxidized/web/views/conf_search.haml`, where manipulation of the argument `to_research` leads to cross-site scripting. The attack can be launched remotely. The patch is named 55ab9bdc68b03ebce9280b8746ef31d7fdedcc45, and applying it is recommended to fix this issue. VDB-216870 is the identifier assigned to this vulnerability.

Affected Packages

RubyGems oxidized-web
Affected versions: from 0 up to and including 0.13.1 (last affected version)

Key Information

GHSA ID: GHSA-8qwh-rm6c-jv96
Published: December 27, 2022 12:30 PM
Last Modified: March 1, 2024 2:22 PM
CVSS Score: 5.0/10
Primary Ecosystem: RubyGems
Primary Package: oxidized-web
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 1, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.