PT-2022-16830 · Unknown · Viewcomponent

Camertron

Published

2022-03-02

Updated

2022-03-10

CVE-2022-24722

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions ViewComponent versions prior to 2.31.2 ViewComponent versions prior to 2.49.1

Description The issue is related to a cross-site scripting vulnerability in the view component gem, specifically affecting translations. Data received via user input and passed as an interpolation argument to the translate method is not properly sanitized before display.

Recommendations For versions prior to 2.31.2, update to version 2.31.2 or later to fully mitigate the vulnerability. For versions prior to 2.49.1, update to version 2.49.1 or later to fully mitigate the vulnerability. As a temporary workaround, consider avoiding passing user input to the translate function, or sanitize the inputs before passing them.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-24722

GHSA-CM9W-C4RJ-R2CF

Affected Products

Viewcomponent

PT-2022-16830 · Unknown · Viewcomponent

CVE-2022-24722

Weakness Enumeration

Related Identifiers

Affected Products

References · 10