CVE-2020-8264 - AskarLabs CVE Database

CVE-2020-8264

Vendor N/A

Product https://github.com/rails/rails

Weakness CWE-79 · XSS

Published January 6, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.

Key dates

02Disclosure timeline

January 6, 2021 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-8264 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-56027 WordPress Leads CRM plugin <= 2.0.13 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2026-42653 WordPress SliceWP plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability CVE-2021-24338 Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS) CVE-2026-1885 Slideshow Wp <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sswp-slide' Shortcode 'sswpid' Attribute CVE-2024-51673 WordPress HT Politic plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability