CVE-2023-23913

9 Ene 2025

Jose Alexis Correa Valencia
0 Comentarios

Título es

CVE-2023-23913

Jue, 09/01/2025 – 01:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2023-23913

Descripción en

There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute.

09/01/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263

https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468

https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd

https://security.netapp.com/advisory/ntap-20240605-0007/

https://www.debian.org/security/2023/dsa-5389

Enviar en el boletín

Off