Home > Vulnerability Database > CVE-2023-23913

Mend.io Vulnerability Database

CVE-2023-23913

Good to know:

Date: January 19, 2023

There is a potential DOM based cross-site scripting issue in rails-ujs from 5.1.0 before 6.1.7.3 and 7.0.0 before 7.0.4.3, which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute.

Language: Ruby

Severity Score

6.1

Related Resources (5)

Url: https://security-tracker.debian.org/tracker/CVE-2023-23913

Url: https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd

Url: https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-23913

Url: https://www.mend.io/vulnerability-database/CVE-2023-23913

Severity Score

6.1

Top Fix

Upgrade Version

Upgrade to version rails - 6.1.7.3,7.0.4.3

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-23913

Good to know:

Date: January 19, 2023

Language: Ruby

Severity Score

Related Resources (5)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?