VulnerableCode Package Details - pkg:rpm/redhat/rh-ruby23-rubygem-nokogiri@1.8.1-2?arch=el7cf

Search for packages

Vulnerability	Summary	Fixed by
VCID-65ha-wgr4-eqd4 Aliases: CVE-2013-4492 GHSA-r5hc-9xx5-97rw	Reflective XSS Vulnerability When a translation is missing, the HTML exception message raised does not escape the keys. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack.	There are no reported fixed by versions.
VCID-a11q-3bvq-a3e3 Aliases: CVE-2017-12148	Tower: modification of git hooks in SCM repo via upstream playbook execution	There are no reported fixed by versions.
VCID-e25e-yb1v-qqcw Aliases: CVE-2017-11610 GHSA-x7c8-4x3h-874w PYSEC-2017-41	The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.	There are no reported fixed by versions.
VCID-rqh3-c53s-vuee Aliases: CVE-2017-15125	cloudforms: XSS in self-service UI snapshot feature	There are no reported fixed by versions.
VCID-twkw-1514-nygx Aliases: CVE-2017-2664	CloudForms: lack of RBAC on various methods in web UI	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-65ha-wgr4-eqd4
Aliases:
CVE-2013-4492
GHSA-r5hc-9xx5-97rw

Reflective XSS Vulnerability When a translation is missing, the HTML exception message raised does not escape the keys. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack.