{}

{}

{}

{"bugzilla": {"description": "rails: DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements", "id": "2182160", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182160"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting (XSS), which could lead to stolen information, phishing attacks, and other types of attacks."], "name": "CVE-2023-23913", "package_state": [{"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Will not fix", "package_name": "rails", "product_name": "Red Hat 3scale API Management Platform 2"}], "public_date": "2023-03-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-23913\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-23913"], "threat_severity": "Moderate", "upstream_fix": "rails 6.1.7.3, rails 7.0.4.3"}