[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-22577":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":46,"downstream":47,"duplicates":58,"related":59,"reserved_at":9,"published_at":60,"modified_at":61,"state":62,"summary":63,"references_raw":72,"kevs":94,"epss":95,"epss_history":98,"metrics":366,"affected":377},"CVE-2022-22577","An XSS Vulnerability in Action Pack >= 5.2.0 and \u003C 5.2.0 that could allow an attacker to bypass CSP for non-HTML-like responses. Note: the version range as stated is empty (the upper bound repeats the lower bound); the affected ranges listed in this record are 5.2.0 up to but excluding 5.2.7.1, 6.0.0 up to but excluding 6.0.4.8, 6.1.0 up to but excluding 6.1.5.1, and 7.0.0 up to but excluding 7.0.2.4.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX 
Footprinting",[],[],[],[],[48,50,52,54,56],{"_key":49},"DLA-3093-1",{"_key":51},"DSA-5372-1",{"_key":53},"DEBIAN-CVE-2022-22577",{"_key":55},"RHSA-2023:2097",{"_key":57},"UBUNTU-CVE-2022-22577",[],[],"2022-05-26T00:00:00.000Z","2024-08-03T03:14:55.738Z","Modified",{"cisa_kev":64,"cisa_ransomware":64,"cisa_vendor":9,"epss_severity":65,"epss_score":66,"severity":67,"severity_score":68,"severity_version":69,"severity_source":70,"severity_vector":71,"severity_status":62},false,"low",0.00495,"medium",6.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[73,80,86,90],{"url":74,"sources":75,"tags":77},"https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533",[76,70],"cve.org",[78,79],"Patch","Vendor Advisory",{"url":81,"sources":82,"tags":83},"https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html",[76,70],[84,85],"Mailing List","Third Party Advisory",{"url":87,"sources":88,"tags":89},"https://security.netapp.com/advisory/ntap-20221118-0002/",[76,70],[85],{"url":91,"sources":92,"tags":93},"https://www.debian.org/security/2023/dsa-5372",[76,70],[79],[],{"date":96,"score":66,"percentile":97},"2026-06-04",0.66119,[99,103,106,109,112,115,118,121,124,127,130,133,135,138,141,145,149,152,155,158,161,164,167,169,172,175,178,181,185,188,191,194,197,199,202,205,208,212,215,218,221,223,226,229,232,235,238,241,244,247,250,253,256,259,262,265,268,271,274,278,281,284,287,290,293,296,298,301,303,306,309,312,315,318,320,323,326,329,332,334,337,340,343,346,349,352,355,358,360,363],{"date":100,"score":101,"percentile":102},"2025-11-04",0.00269,0.50139,{"date":104,"score":101,"percentile":105},"2025-11-05",0.50126,{"date":107,"score":101,"percentile":108},"2025-11-06",0.50137,{"date":110,"score":101,"percentile":111},"2025-11-07",0.50163,{"date":113,"score":101,"percentile":114},"2025-11-08",0.50164,{"date":116,"score":101,"percentile":117},"2025-11-09",0.5015,{"date":119,"score":101,"percentile":120},"2025-11-10",0.50117,{"date
":122,"score":101,"percentile":123},"2025-11-11",0.50131,{"date":125,"score":101,"percentile":126},"2025-11-12",0.50156,{"date":128,"score":101,"percentile":129},"2025-11-13",0.50162,{"date":131,"score":101,"percentile":132},"2025-11-14",0.50171,{"date":134,"score":101,"percentile":111},"2025-11-15",{"date":136,"score":101,"percentile":137},"2025-11-16",0.50144,{"date":139,"score":101,"percentile":140},"2025-11-17",0.50121,{"date":142,"score":143,"percentile":144},"2025-11-18",0.00882,0.73382,{"date":146,"score":147,"percentile":148},"2025-11-19",0.0072,0.70257,{"date":150,"score":147,"percentile":151},"2025-11-20",0.70268,{"date":153,"score":101,"percentile":154},"2025-11-21",0.50129,{"date":156,"score":101,"percentile":157},"2025-11-22",0.50123,{"date":159,"score":101,"percentile":160},"2025-11-23",0.50086,{"date":162,"score":101,"percentile":163},"2025-11-24",0.50075,{"date":165,"score":101,"percentile":166},"2025-11-25",0.50083,{"date":168,"score":101,"percentile":163},"2025-11-26",{"date":170,"score":101,"percentile":171},"2025-11-27",0.50081,{"date":173,"score":101,"percentile":174},"2025-11-28",0.50048,{"date":176,"score":101,"percentile":177},"2025-11-29",0.50024,{"date":179,"score":101,"percentile":180},"2025-11-30",0.50012,{"date":182,"score":183,"percentile":184},"2025-12-01",0.00213,0.43928,{"date":186,"score":183,"percentile":187},"2025-12-02",0.43942,{"date":189,"score":183,"percentile":190},"2025-12-03",0.43939,{"date":192,"score":101,"percentile":193},"2025-12-04",0.50026,{"date":195,"score":101,"percentile":196},"2025-12-05",0.50047,{"date":198,"score":101,"percentile":196},"2025-12-06",{"date":200,"score":101,"percentile":201},"2025-12-07",0.50038,{"date":203,"score":101,"percentile":204},"2025-12-08",0.50031,{"date":206,"score":101,"percentile":207},"2025-12-09",0.50052,{"date":209,"score":210,"percentile":211},"2025-12-10",0.00287,0.51811,{"date":213,"score":210,"percentile":214},"2025-12-11",0.51826,{"date":216,"score":210,"percentile":217},"202
5-12-12",0.51852,{"date":219,"score":210,"percentile":220},"2025-12-13",0.5184,{"date":222,"score":210,"percentile":214},"2025-12-14",{"date":224,"score":210,"percentile":225},"2025-12-15",0.51808,{"date":227,"score":210,"percentile":228},"2025-12-16",0.51823,{"date":230,"score":210,"percentile":231},"2025-12-17",0.51841,{"date":233,"score":210,"percentile":234},"2025-12-18",0.51877,{"date":236,"score":210,"percentile":237},"2025-12-19",0.51879,{"date":239,"score":210,"percentile":240},"2025-12-20",0.51842,{"date":242,"score":210,"percentile":243},"2025-12-21",0.51819,{"date":245,"score":210,"percentile":246},"2025-12-22",0.518,{"date":248,"score":210,"percentile":249},"2025-12-23",0.51805,{"date":251,"score":210,"percentile":252},"2025-12-24",0.51817,{"date":254,"score":210,"percentile":255},"2025-12-25",0.51864,{"date":257,"score":210,"percentile":258},"2025-12-26",0.51856,{"date":260,"score":210,"percentile":261},"2025-12-27",0.51883,{"date":263,"score":210,"percentile":264},"2025-12-28",0.51806,{"date":266,"score":210,"percentile":267},"2025-12-29",0.51785,{"date":269,"score":210,"percentile":270},"2025-12-30",0.5178,{"date":272,"score":210,"percentile":273},"2025-12-31",0.51818,{"date":275,"score":276,"percentile":277},"2026-01-01",0.00227,0.4563,{"date":279,"score":276,"percentile":280},"2026-01-02",0.45607,{"date":282,"score":276,"percentile":283},"2026-01-03",0.45593,{"date":285,"score":210,"percentile":286},"2026-01-04",0.51788,{"date":288,"score":210,"percentile":289},"2026-01-05",0.51771,{"date":291,"score":210,"percentile":292},"2026-01-06",0.51778,{"date":294,"score":210,"percentile":295},"2026-01-07",0.51799,{"date":297,"score":210,"percentile":243},"2026-01-08",{"date":299,"score":210,"percentile":300},"2026-01-09",0.51803,{"date":302,"score":210,"percentile":246},"2026-01-10",{"date":304,"score":210,"percentile":305},"2026-01-11",0.51782,{"date":307,"score":210,"percentile":308},"2026-01-12",0.5174,{"date":310,"score":210,"percentile":311},"2026-01-1
3",0.51715,{"date":313,"score":210,"percentile":314},"2026-01-14",0.51762,{"date":316,"score":210,"percentile":317},"2026-01-15",0.51766,{"date":319,"score":210,"percentile":305},"2026-01-16",{"date":321,"score":210,"percentile":322},"2026-01-17",0.51761,{"date":324,"score":210,"percentile":325},"2026-01-18",0.51742,{"date":327,"score":210,"percentile":328},"2026-01-19",0.51723,{"date":330,"score":210,"percentile":331},"2026-01-20",0.51722,{"date":333,"score":210,"percentile":331},"2026-01-21",{"date":335,"score":210,"percentile":336},"2026-01-22",0.51729,{"date":338,"score":210,"percentile":339},"2026-01-23",0.51773,{"date":341,"score":210,"percentile":342},"2026-01-24",0.51779,{"date":344,"score":210,"percentile":345},"2026-01-25",0.51732,{"date":347,"score":210,"percentile":348},"2026-01-26",0.5171,{"date":350,"score":210,"percentile":351},"2026-01-27",0.51716,{"date":353,"score":210,"percentile":354},"2026-01-28",0.5173,{"date":356,"score":210,"percentile":357},"2026-01-29",0.51727,{"date":359,"score":210,"percentile":336},"2026-01-30",{"date":361,"score":210,"percentile":362},"2026-01-31",0.51733,{"date":364,"score":276,"percentile":365},"2026-02-01",0.45403,[367],{"source":70,"cvss_v2_0":368,"cvss_v3_0":9,"cvss_v3_1":373,"cvss_v4_0":9},{"baseScore":369,"baseSeverity":9,"vectorString":370,"impactScore":371,"exploitabilityScore":372},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":68,"baseSeverity":374,"vectorString":71,"impactScore":375,"exploitabilityScore":376},"MEDIUM",4.5,7.2,[378,387],{"ecosystem":9,"name":379,"vendor":380,"product":381,"cpe_part":382,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":383},"debian 
linux","debian","debian_linux","o",[384],{"version":385,"is_range":64,"range_type":386,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"ecosystem":9,"name":388,"vendor":389,"product":388,"cpe_part":390,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":391},"actionpack","rubyonrails","a",[392,399,403,407],{"version":393,"is_range":394,"range_type":386,"version_start":395,"version_start_type":396,"version_end":397,"version_end_type":398,"fixed_in":9},"gte5.2.0_lt5.2.7.1",true,"5.2.0","including","5.2.7.1","excluding",{"version":400,"is_range":394,"range_type":386,"version_start":401,"version_start_type":396,"version_end":402,"version_end_type":398,"fixed_in":9},"gte6.0.0_lt6.0.4.8","6.0.0","6.0.4.8",{"version":404,"is_range":394,"range_type":386,"version_start":405,"version_start_type":396,"version_end":406,"version_end_type":398,"fixed_in":9},"gte6.1.0_lt6.1.5.1","6.1.0","6.1.5.1",{"version":408,"is_range":394,"range_type":386,"version_start":409,"version_start_type":396,"version_end":410,"version_end_type":398,"fixed_in":9},"gte7.0.0_lt7.0.2.4","7.0.0","7.0.2.4"]