Skip to content

XSS/Script injection vulnerability in matestack

High severity GitHub Reviewed Published Feb 12, 2020 in matestack/matestack-ui-core • Updated May 22, 2023

Package

bundler matestack-ui-core (RubyGems)

Affected versions

< 0.7.4

Patched versions

0.7.4

Description

matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection.

This vulnerability is patched in version 0.7.4.

References

@jonasjabari jonasjabari published to matestack/matestack-ui-core Feb 12, 2020
Reviewed Feb 12, 2020
Published to the GitHub Advisory Database Feb 12, 2020
Last updated May 22, 2023

Severity

High
7.7
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
High
Privileges required
Low
User interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

Weaknesses

CVE ID

CVE-2020-5241

GHSA ID

GHSA-3jqw-vv45-mjhh

Source code

Credits

Checking history
See something to contribute? Suggest improvements for this vulnerability.