{"url":"http://public2.vulnerablecode.io/api/packages/50000?format=json","purl":"pkg:gem/actionview@6.0.4.8","type":"gem","namespace":"","name":"actionview","version":"6.0.4.8","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.2.3.1","latest_non_vulnerable_version":"8.1.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17833?format=json","vulnerability_id":"VCID-19fr-55kr-hyax","summary":"rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements\nNOTE: rails-ujs is part of Rails/actionview since 5.1.0.\n\nThere is a potential DOM based cross-site scripting issue in rails-ujs\nwhich leverages the Clipboard API to target HTML elements that are\nassigned the contenteditable attribute. This has the potential to\noccur when pasting malicious HTML content from the clipboard that\nincludes a data-method, data-remote or data-disable-with attribute.\n\nThis vulnerability has been assigned the CVE identifier CVE-2023-23913.\n\nNot affected: < 5.1.0\nVersions Affected: >= 5.1.0\nFixed Versions: 6.1.7.3, 7.0.4.3\n\nImpact\nIf the specified malicious HTML clipboard content is provided to a\ncontenteditable element, this could result in the arbitrary execution\nof javascript on the origin in question.\n\nReleases\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\nWe recommend that all users upgrade to one of the FIXED versions.\nIn the meantime, users can attempt to mitigate this vulnerability\nby removing the contenteditable attribute from elements in pages\nthat rails-ujs will interact with.\n\nPatches\nTo aid users who aren’t able to upgrade immediately we have provided\npatches for the two supported release series. They are in git-am\nformat and consist of a single changeset.\n\n* rails-ujs-data-method-contenteditable-6-1.patch - Patch for 6.1 series\n* rails-ujs-data-method-contenteditable-7-0.patch - Patch for 7.0 series\n\nPlease note that only the 7.0.Z and 6.1.Z series are\nsupported at present, and 6.0.Z for severe vulnerabilities.\n\nUsers of earlier unsupported releases are advised to upgrade as\nsoon as possible as we cannot guarantee the continued availability\nof security fixes for unsupported releases.\n\nCredits\nWe would like to thank ryotak 15 for reporting this!\n\n* rails-ujs-data-method-contenteditable-6-1.patch (8.5 KB)\n* rails-ujs-data-method-contenteditable-7-0.patch (8.5 KB)\n* rails-ujs-data-method-contenteditable-main.patch (8.9 KB)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23913","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3017","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30179","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30304","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30353","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30226","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30269","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30265","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3023","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35509","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35596","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35627","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35856","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35905","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35918","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23913"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/"}],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/"}],"url":"https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/"}],"url":"https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd"},{"reference_url":"https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240605-0007","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240605-0007"},{"reference_url":"https://www.debian.org/security/2023/dsa-5389","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/"}],"url":"https://www.debian.org/security/2023/dsa-5389"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182160","reference_id":"2182160","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2182160"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23913","reference_id":"CVE-2023-23913","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23913"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml","reference_id":"CVE-2023-23913.YML","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml"},{"reference_url":"https://github.com/advisories/GHSA-xp5h-f8jf-rc8q","reference_id":"GHSA-xp5h-f8jf-rc8q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xp5h-f8jf-rc8q"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240605-0007/","reference_id":"ntap-20240605-0007","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240605-0007/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57870?format=json","purl":"pkg:gem/actionview@6.1.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-96qr-hdbp-p7ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionview@6.1.7.3"},{"url":"http://public2.vulnerablecode.io/api/packages/57871?format=json","purl":"pkg:gem/actionview@7.0.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-96qr-hdbp-p7ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionview@7.0.4.3"}],"aliases":["CVE-2023-23913","GHSA-xp5h-f8jf-rc8q"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-19fr-55kr-hyax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24334?format=json","vulnerability_id":"VCID-96qr-hdbp-p7ff","summary":"Rails has a possible XSS vulnerability in its Action View tag helpers\n### Impact\nWhen a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Applications that allow users to specify custom HTML attributes are affected.\n\n### Releases\nThe fixed releases are available at the normal locations.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33168.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33168.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33168","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06255","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06227","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06241","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06251","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06265","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06362","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06211","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06185","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06203","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06172","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06199","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07047","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07044","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07009","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33168","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33168"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/0b6f8002b52b9c606fd6be9e7915d9f944cf539c","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/"}],"url":"https://github.com/rails/rails/commit/0b6f8002b52b9c606fd6be9e7915d9f944cf539c"},{"reference_url":"https://github.com/rails/rails/commit/63f5ad83edaa0b976f82d46988d745426aa4a42d","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/"}],"url":"https://github.com/rails/rails/commit/63f5ad83edaa0b976f82d46988d745426aa4a42d"},{"reference_url":"https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/"}],"url":"https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924"},{"reference_url":"https://github.com/rails/rails/releases/tag/v7.2.3.1","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/"}],"url":"https://github.com/rails/rails/releases/tag/v7.2.3.1"},{"reference_url":"https://github.com/rails/rails/releases/tag/v8.0.4.1","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/"}],"url":"https://github.com/rails/rails/releases/tag/v8.0.4.1"},{"reference_url":"https://github.com/rails/rails/releases/tag/v8.1.2.1","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/"}],"url":"https://github.com/rails/rails/releases/tag/v8.1.2.1"},{"reference_url":"https://github.com/rails/rails/security/advisories/GHSA-v55j-83pf-r9cq","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/"}],"url":"https://github.com/rails/rails/security/advisories/GHSA-v55j-83pf-r9cq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33168","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33168"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035","reference_id":"1132035","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450549","reference_id":"2450549","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450549"},{"reference_url":"https://github.com/advisories/GHSA-v55j-83pf-r9cq","reference_id":"GHSA-v55j-83pf-r9cq","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v55j-83pf-r9cq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67510?format=json","purl":"pkg:gem/actionview@7.2.3.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionview@7.2.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/67508?format=json","purl":"pkg:gem/actionview@8.0.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionview@8.0.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/67506?format=json","purl":"pkg:gem/actionview@8.1.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionview@8.1.2.1"}],"aliases":["CVE-2026-33168","GHSA-v55j-83pf-r9cq"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-96qr-hdbp-p7ff"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13941?format=json","vulnerability_id":"VCID-p5mc-r1rg-5ff7","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in actionview.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27777","reference_id":"","reference_type":"","scores":[{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75908","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75768","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75801","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.7578","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75812","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75824","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75848","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75829","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75823","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.7586","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75864","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75849","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75887","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75896","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796"},{"reference_url":"https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rails/rails","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails"},{"reference_url":"https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85"},{"reference_url":"https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html"},{"reference_url":"https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released"},{"reference_url":"https://www.debian.org/security/2023/dsa-5372","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2023/dsa-5372"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982","reference_id":"1016982","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080296","reference_id":"2080296","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080296"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27777","reference_id":"CVE-2022-27777","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27777"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml","reference_id":"CVE-2022-27777.YML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml"},{"reference_url":"https://github.com/advisories/GHSA-ch3h-j2vf-95pv","reference_id":"GHSA-ch3h-j2vf-95pv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ch3h-j2vf-95pv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2097","reference_id":"RHSA-2023:2097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2097"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49998?format=json","purl":"pkg:gem/actionview@5.2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19fr-55kr-hyax"},{"vulnerability":"VCID-96qr-hdbp-p7ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionview@5.2.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/50000?format=json","purl":"pkg:gem/actionview@6.0.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19fr-55kr-hyax"},{"vulnerability":"VCID-96qr-hdbp-p7ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionview@6.0.4.8"},{"url":"http://public2.vulnerablecode.io/api/packages/50001?format=json","purl":"pkg:gem/actionview@6.1.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19fr-55kr-hyax"},{"vulnerability":"VCID-96qr-hdbp-p7ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionview@6.1.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/50002?format=json","purl":"pkg:gem/actionview@7.0.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19fr-55kr-hyax"},{"vulnerability":"VCID-96qr-hdbp-p7ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionview@7.0.2.4"}],"aliases":["CVE-2022-27777","GHSA-ch3h-j2vf-95pv","GMS-2022-1138"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p5mc-r1rg-5ff7"}],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/actionview@6.0.4.8"}