Skip to main content

Chartkick

2 CVEs product

Monthly

CVE-2020-16254 Ruby MEDIUM POC PATCH This Month

The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Chartkick
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-12732 Ruby MEDIUM POC PATCH This Month

The Chartkick gem through 3.1.0 for Ruby allows XSS. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Chartkick
NVD GitHub
CVSS 3.0
4.7
EPSS
0.8%
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Chartkick
NVD GitHub
EPSS 1% CVSS 4.7
MEDIUM POC PATCH This Month

The Chartkick gem through 3.1.0 for Ruby allows XSS. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Chartkick
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy