[CVE-2023-23913] DOM Based Cross-site Scripting in rails-ujs for contenteditable HTML Elements

Disclosed: 2023-09-07 22:02:47 By ryotak To ibb
Medium
Vulnerability Details
# Summary

Original report: https://hackerone.com/reports/1767802

## Impact

If the specified malicious HTML clipboard content is provided to a `contenteditable` element, this could result in the arbitrary execution of JavaScript on the origin in question.
Report Stats
  • Report ID: 2125679
  • State: Closed
  • Substate: resolved
  • Upvotes: 5