PT-2022-8300 · Unknown · Ytti Oxidized Web
Dangoscomb · Published 2022-12-27 · Updated 2024-05-17 · CVE-2019-25088
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ytti Oxidized Web (affected versions not specified)
Description
A vulnerability classified as problematic was found in ytti Oxidized Web. The issue affects an unknown function of the file lib/oxidized/web/views/conf_search.haml. Manipulation of the argument to_research leads to cross-site scripting. The attack can be launched remotely.
Recommendations
To fix this issue, apply the patch. The name of the patch is 55ab9bdc68b03ebce9280b8746ef31d7fdedcc45. As a temporary workaround, consider restricting access to the vulnerable file lib/oxidized/web/views/conf_search.haml until the patch is applied. Avoid using the argument to_research in the affected function until the issue is resolved.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Ytti Oxidized Web