[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-15169":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":46,"downstream":47,"duplicates":74,"related":75,"reserved_at":9,"published_at":84,"modified_at":85,"state":86,"summary":87,"references_raw":96,"kevs":122,"epss":123,"epss_history":126,"metrics":387,"affected":403},"CVE-2020-15169","In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[],[],[48,50,52,54,56,58,60,62,64,66,68,70,72],{"_key":49},"SUSE-SU-2020:2686-1",{"_key":51},"SUSE-SU-2020:3036-1",{"_key":53},"SUSE-SU-2020:3147-1",{"_key":55},"SUSE-SU-2020:3160-1",{"_key":57},"SUSE-SU-2023:2059-1",{"_key":59},"OPENSUSE-SU-2020:1993-1",{"_key":61},"OPENSUSE-SU-2020:2000-1",{"_key":63},"OPENSUSE-SU-2024:10589-1",{"_key":65},"DLA-2403-1",{"_key":67},"DSA-4766-1",{"_key":69},"DEBIAN-CVE-2020-15169",{"_key":71},"RHSA-2021:1313",{"_key":73},"UBUNTU-CVE-2020-15169",[],[76,77,78,79,80,81,82,83],{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},"2020-09-11T15:50:12.000Z","2024-08-04T13:08:22.436Z","Modified",{"cisa_kev":88,"cisa_ransomware":88,"cisa_vendor":9,"epss_severity":89,"epss_score":90,"severity":91,"severity_score":92,"severity_version":93,"severity_source":94,"severity_vector":95,"severity_status":86},false,"low",0.01184,"medium",6.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[97,105,111,116],{"url":98,"sources":99,"tags":101},"https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5",[100,94],"cve.org",[102,103,104],"X Refsource CONFIRM","Patch","Third Party Advisory",{"url":106,"sources":107,"tags":108},"https://www.debian.org/security/2020/dsa-4766",[100,94],[109,110,104],"Vendor Advisory","X Refsource DEBIAN",{"url":112,"sources":113,"tags":114},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/",[100,94],[109,115],"X Refsource FEDORA",{"url":117,"sources":118,"tags":119},"https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html",[100,94],[120,121,104],"Mailing List","X Refsource MLIST",[],{"date":124,"score":90,"percentile":125},"2026-06-04",0.7912,[127,131,134,136,139,142,145,148,151,154,157,160,163,166,169,172,175,178,181,184,187,190,193,196,198,201,203,206,210,213,216,219,222,225,227,230,233,236,239,242,245,248,251,254,257,260,263,266,268,271,274,277,280,283,286,289,292,295,298,301,304,306,308,311,313,316,319,322,325,328,331,334,337,340,343,346,348,351,354,357,360,363,366,369,372,374,377,379,381,384],{"date":128,"score":129,"percentile":130},"2025-11-04",0.0115,0.77805,{"date":132,"score":129,"percentile":133},"2025-11-05",0.77807,{"date":135,"score":129,"percentile":133},"2025-11-06",{"date":137,"score":129,"percentile":138},"2025-11-07",0.77821,{"date":140,"score":129,"percentile":141},"2025-11-08",0.77828,{"date":143,"score":129,"percentile":144},"2025-11-09",0.77824,{"date":146,"score":129,"percentile":147},"2025-11-10",0.77812,{"date":149,"score":129,"percentile":150},"2025-11-11",0.77815,{"date":152,"score":129,"percentile":153},"2025-11-12",0.77832,{"date":155,"score":129,"percentile":156},"2025-11-13",0.77842,{"date":158,"score":129,"percentile":159},"2025-11-14",0.77851,{"date":161,"score":129,"percentile":162},"2025-11-15",0.77848,{"date":164,"score":129,"percentile":165},"2025-11-16",0.7785,{"date":167,"score":129,"percentile":168},"2025-11-17",0.77845,{"date":170,"score":90,"percentile":171},"2025-11-18",0.76969,{"date":173,"score":90,"percentile":174},"2025-11-19",0.76975,{"date":176,"score":90,"percentile":177},"2025-11-20",0.76984,{"date":179,"score":129,"percentile":180},"2025-11-21",0.77874,{"date":182,"score":129,"percentile":183},"2025-11-22",0.77873,{"date":185,"score":129,"percentile":186},"2025-11-23",0.77859,{"date":188,"score":129,"percentile":189},"2025-11-24",0.77857,{"date":191,"score":129,"percentile":192},"2025-11-25",0.77863,{"date":194,"score":129,"percentile":195},"2025-11-26",0.7787,{"date":197,"score":129,"percentile":180},"2025-11-27",{"date":199,"score":129,"percentile":200},"2025-11-28",0.77865,{"date":202,"score":129,"percentile":183},"2025-11-29",{"date":204,"score":129,"percentile":205},"2025-11-30",0.77871,{"date":207,"score":208,"percentile":209},"2025-12-01",0.00609,0.68991,{"date":211,"score":208,"percentile":212},"2025-12-02",0.68999,{"date":214,"score":208,"percentile":215},"2025-12-03",0.68995,{"date":217,"score":129,"percentile":218},"2025-12-04",0.7786,{"date":220,"score":129,"percentile":221},"2025-12-05",0.77867,{"date":223,"score":129,"percentile":224},"2025-12-06",0.77869,{"date":226,"score":129,"percentile":192},"2025-12-07",{"date":228,"score":129,"percentile":229},"2025-12-08",0.77868,{"date":231,"score":129,"percentile":232},"2025-12-09",0.77889,{"date":234,"score":129,"percentile":235},"2025-12-10",0.77914,{"date":237,"score":129,"percentile":238},"2025-12-11",0.77928,{"date":240,"score":129,"percentile":241},"2025-12-12",0.77947,{"date":243,"score":129,"percentile":244},"2025-12-13",0.77949,{"date":246,"score":129,"percentile":247},"2025-12-14",0.77946,{"date":249,"score":129,"percentile":250},"2025-12-15",0.77942,{"date":252,"score":129,"percentile":253},"2025-12-16",0.77953,{"date":255,"score":129,"percentile":256},"2025-12-17",0.77963,{"date":258,"score":129,"percentile":259},"2025-12-18",0.7798,{"date":261,"score":129,"percentile":262},"2025-12-19",0.77992,{"date":264,"score":129,"percentile":265},"2025-12-20",0.77986,{"date":267,"score":129,"percentile":259},"2025-12-21",{"date":269,"score":129,"percentile":270},"2025-12-22",0.77982,{"date":272,"score":129,"percentile":273},"2025-12-23",0.77985,{"date":275,"score":129,"percentile":276},"2025-12-24",0.77997,{"date":278,"score":129,"percentile":279},"2025-12-25",0.78017,{"date":281,"score":129,"percentile":282},"2025-12-26",0.78014,{"date":284,"score":129,"percentile":285},"2025-12-27",0.78061,{"date":287,"score":129,"percentile":288},"2025-12-28",0.78003,{"date":290,"score":129,"percentile":291},"2025-12-29",0.77999,{"date":293,"score":129,"percentile":294},"2025-12-30",0.78004,{"date":296,"score":129,"percentile":297},"2025-12-31",0.78016,{"date":299,"score":208,"percentile":300},"2026-01-01",0.69236,{"date":302,"score":208,"percentile":303},"2026-01-02",0.69226,{"date":305,"score":208,"percentile":303},"2026-01-03",{"date":307,"score":129,"percentile":279},"2026-01-04",{"date":309,"score":129,"percentile":310},"2026-01-05",0.78009,{"date":312,"score":129,"percentile":279},"2026-01-06",{"date":314,"score":129,"percentile":315},"2026-01-07",0.78023,{"date":317,"score":129,"percentile":318},"2026-01-08",0.78031,{"date":320,"score":129,"percentile":321},"2026-01-09",0.78034,{"date":323,"score":129,"percentile":324},"2026-01-10",0.78035,{"date":326,"score":129,"percentile":327},"2026-01-11",0.78026,{"date":329,"score":129,"percentile":330},"2026-01-12",0.78013,{"date":332,"score":129,"percentile":333},"2026-01-13",0.78011,{"date":335,"score":129,"percentile":336},"2026-01-14",0.78032,{"date":338,"score":129,"percentile":339},"2026-01-15",0.78036,{"date":341,"score":129,"percentile":342},"2026-01-16",0.78045,{"date":344,"score":129,"percentile":345},"2026-01-17",0.78051,{"date":347,"score":129,"percentile":342},"2026-01-18",{"date":349,"score":129,"percentile":350},"2026-01-19",0.78043,{"date":352,"score":129,"percentile":353},"2026-01-20",0.78037,{"date":355,"score":129,"percentile":356},"2026-01-21",0.78042,{"date":358,"score":129,"percentile":359},"2026-01-22",0.7805,{"date":361,"score":129,"percentile":362},"2026-01-23",0.78077,{"date":364,"score":129,"percentile":365},"2026-01-24",0.78088,{"date":367,"score":129,"percentile":368},"2026-01-25",0.78081,{"date":370,"score":129,"percentile":371},"2026-01-26",0.78076,{"date":373,"score":129,"percentile":371},"2026-01-27",{"date":375,"score":129,"percentile":376},"2026-01-28",0.7808,{"date":378,"score":129,"percentile":371},"2026-01-29",{"date":380,"score":129,"percentile":368},"2026-01-30",{"date":382,"score":129,"percentile":383},"2026-01-31",0.78082,{"date":385,"score":208,"percentile":386},"2026-02-01",0.69324,[388,395],{"source":100,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":389,"cvss_v4_0":9},{"baseScore":390,"baseSeverity":391,"vectorString":392,"impactScore":393,"exploitabilityScore":394},5.4,"MEDIUM","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",4.5,5.6,{"source":94,"cvss_v2_0":396,"cvss_v3_0":9,"cvss_v3_1":401,"cvss_v4_0":9},{"baseScore":397,"baseSeverity":9,"vectorString":398,"impactScore":399,"exploitabilityScore":400},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":92,"baseSeverity":391,"vectorString":95,"impactScore":393,"exploitabilityScore":402},7.2,[404,421,429,435],{"ecosystem":9,"name":405,"vendor":406,"product":407,"cpe_part":408,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":409},"action view","action_view_project","action_view","a",[410,416],{"version":411,"is_range":412,"range_type":413,"version_start":9,"version_start_type":9,"version_end":414,"version_end_type":415,"fixed_in":9},"lt5.2.4.4",true,"cpe","5.2.4.4","excluding",{"version":417,"is_range":412,"range_type":413,"version_start":418,"version_start_type":419,"version_end":420,"version_end_type":415,"fixed_in":9},"gte6.0.0.0_lt6.0.3.3","6.0.0.0","including","6.0.3.3",{"ecosystem":9,"name":422,"vendor":423,"product":424,"cpe_part":425,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":426},"debian linux","debian","debian_linux","o",[427],{"version":428,"is_range":88,"range_type":413,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0",{"ecosystem":9,"name":430,"vendor":431,"product":430,"cpe_part":425,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":432},"fedora","fedoraproject",[433],{"version":434,"is_range":88,"range_type":413,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"33",{"ecosystem":9,"name":436,"vendor":437,"product":436,"cpe_part":408,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":438},"actionview","rails",[439,441],{"version":440,"is_range":412,"range_type":100,"version_start":9,"version_start_type":9,"version_end":414,"version_end_type":415,"fixed_in":9},"\u003C 5.2.4.4",{"version":442,"is_range":412,"range_type":100,"version_start":418,"version_start_type":419,"version_end":420,"version_end_type":415,"fixed_in":9},">= 6.0.0.0, \u003C 6.0.3.3"]