Security Advisory

CVE-2023-23913

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-01-09 00:33:47

Last updated 2025-01-09 17:09:39

Assigner hackerone

State PUBLISHED

Description

There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute.

← Browse all CVEs View on cve.org ↗