Description
In the actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode. An attacker can send, or embed in another page, a specially crafted URL that can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.
Remediation
References