[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-26143":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":67,"duplicate_of":9,"upstream":68,"downstream":69,"duplicates":80,"related":81,"reserved_at":9,"published_at":86,"modified_at":87,"state":88,"summary":89,"references_raw":97,"kevs":128,"epss":129,"epss_history":132,"metrics":395,"affected":403},"CVE-2024-26143","Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in \"_html\", a :default key which contains untrusted user input, and the resulting string is used in a view, may be susceptible to an XSS vulnerability. The vulnerability is fixed in 7.1.3.1 and 7.0.8.1.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[45,54,59],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_RAILS_RAILS","Rails","github","https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv","poc",0.3,false,[],{"_key":55,"name":56,"source":48,"url":57,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":58,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_RUBYSEC_RUBY-ADVISORY-DB","Ruby Advisory Db","https://github.com/rubysec/ruby-advisory-db/issues/476",[],{"_key":60,"name":61,"source":62,"url":63,"maturity":64,"reliability_score":65,"verified":52,"type":9,"platforms":66,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_9CC01AB10E6A91DD","Exploit Reference (discuss.rubyonrails.org)","reference","https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947","unknown",0.2,[],[],[],[70,72,74,76,78],{"_key":71},"OPENSUSE-SU-2024:14067-1",{"_key":73},"OPENSUSE-SU-2024:14074-1",{"_key":75},"OPENSUSE-SU-2025:15110-1",{"_key":77},"OPENSUSE-SU-2025:15124-1",{"_key":79},"UBUNTU-CVE-2024-26143",[],[82,83,84,85],{"_key":71},{"_key":73},{"_key":75},{"_key":77},"2024-02-27T15:33:54.643Z","2025-02-13T17:41:06.380Z","Analyzed",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":90,"epss_score":91,"severity":92,"severity_score":93,"severity_version":94,"severity_source":95,"severity_vector":96,"severity_status":88},"low",0.02067,"medium",6.1,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[98,106,112,116,119,124],{"url":99,"sources":100,"tags":102},"https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4",[95,101],"nvd",[103,104,105],"X Refsource CONFIRM","Exploit","Vendor Advisory",{"url":107,"sources":108,"tags":109},"https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc",[95,101],[110,111],"X Refsource MISC","Patch",{"url":113,"sources":114,"tags":115},"https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e",[95,101],[110,111],{"url":63,"sources":117,"tags":118},[95,101],[110,104,105],{"url":120,"sources":121,"tags":122},"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml",[95,101],[110,104,123],"Third Party Advisory",{"url":125,"sources":126,"tags":127},"https://security.netapp.com/advisory/ntap-20240510-0004/",[95,101],[123],[],{"date":130,"score":91,"percentile":131},"2026-06-04",0.84248,[133,137,140,143,146,149,152,155,158,161,164,167,170,172,175,179,182,185,188,191,194,197,200,203,206,209,211,214,218,221,223,226,229,232,234,237,240,243,246,249,252,255,258,261,264,267,270,272,275,278,281,284,287,289,292,295,298,301,304,307,310,313,316,318,321,323,326,329,332,335,337,340,343,345,348,351,354,357,360,363,366,369,372,375,377,380,383,386,389,392],{"date":134,"score":135,"percentile":136},"2025-11-04",0.01535,0.80712,{"date":138,"score":135,"percentile":139},"2025-11-05",0.80714,{"date":141,"score":135,"percentile":142},"2025-11-06",0.80715,{"date":144,"score":135,"percentile":145},"2025-11-07",0.80726,{"date":147,"score":135,"percentile":148},"2025-11-08",0.80733,{"date":150,"score":135,"percentile":151},"2025-11-09",0.80729,{"date":153,"score":135,"percentile":154},"2025-11-10",0.80724,{"date":156,"score":135,"percentile":157},"2025-11-11",0.80725,{"date":159,"score":135,"percentile":160},"2025-11-12",0.80739,{"date":162,"score":135,"percentile":163},"2025-11-13",0.80744,{"date":165,"score":135,"percentile":166},"2025-11-14",0.80751,{"date":168,"score":135,"percentile":169},"2025-11-15",0.80746,{"date":171,"score":135,"percentile":169},"2025-11-16",{"date":173,"score":135,"percentile":174},"2025-11-17",0.80743,{"date":176,"score":177,"percentile":178},"2025-11-18",0.01018,0.75289,{"date":180,"score":177,"percentile":181},"2025-11-19",0.75295,{"date":183,"score":177,"percentile":184},"2025-11-20",0.75305,{"date":186,"score":135,"percentile":187},"2025-11-21",0.80762,{"date":189,"score":135,"percentile":190},"2025-11-22",0.80763,{"date":192,"score":135,"percentile":193},"2025-11-23",0.80754,{"date":195,"score":135,"percentile":196},"2025-11-24",0.80755,{"date":198,"score":135,"percentile":199},"2025-11-25",0.80759,{"date":201,"score":135,"percentile":202},"2025-11-26",0.8076,{"date":204,"score":135,"percentile":205},"2025-11-27",0.80765,{"date":207,"score":135,"percentile":208},"2025-11-28",0.80758,{"date":210,"score":135,"percentile":190},"2025-11-29",{"date":212,"score":135,"percentile":213},"2025-11-30",0.80769,{"date":215,"score":216,"percentile":217},"2025-12-01",0.01301,0.79216,{"date":219,"score":216,"percentile":220},"2025-12-02",0.79219,{"date":222,"score":216,"percentile":220},"2025-12-03",{"date":224,"score":135,"percentile":225},"2025-12-04",0.80771,{"date":227,"score":135,"percentile":228},"2025-12-05",0.80779,{"date":230,"score":135,"percentile":231},"2025-12-06",0.80781,{"date":233,"score":135,"percentile":231},"2025-12-07",{"date":235,"score":135,"percentile":236},"2025-12-08",0.80784,{"date":238,"score":135,"percentile":239},"2025-12-09",0.80797,{"date":241,"score":135,"percentile":242},"2025-12-10",0.80824,{"date":244,"score":135,"percentile":245},"2025-12-11",0.80835,{"date":247,"score":135,"percentile":248},"2025-12-12",0.80849,{"date":250,"score":135,"percentile":251},"2025-12-13",0.80848,{"date":253,"score":135,"percentile":254},"2025-12-14",0.80846,{"date":256,"score":135,"percentile":257},"2025-12-15",0.80843,{"date":259,"score":135,"percentile":260},"2025-12-16",0.80853,{"date":262,"score":135,"percentile":263},"2025-12-17",0.80862,{"date":265,"score":135,"percentile":266},"2025-12-18",0.80881,{"date":268,"score":135,"percentile":269},"2025-12-19",0.80888,{"date":271,"score":135,"percentile":266},"2025-12-20",{"date":273,"score":135,"percentile":274},"2025-12-21",0.80876,{"date":276,"score":135,"percentile":277},"2025-12-22",0.80875,{"date":279,"score":135,"percentile":280},"2025-12-23",0.80878,{"date":282,"score":135,"percentile":283},"2025-12-24",0.80891,{"date":285,"score":135,"percentile":286},"2025-12-25",0.80908,{"date":288,"score":135,"percentile":286},"2025-12-26",{"date":290,"score":135,"percentile":291},"2025-12-27",0.80946,{"date":293,"score":135,"percentile":294},"2025-12-28",0.80895,{"date":296,"score":135,"percentile":297},"2025-12-29",0.80893,{"date":299,"score":135,"percentile":300},"2025-12-30",0.809,{"date":302,"score":135,"percentile":303},"2025-12-31",0.80914,{"date":305,"score":216,"percentile":306},"2026-01-01",0.7938,{"date":308,"score":216,"percentile":309},"2026-01-02",0.79378,{"date":311,"score":216,"percentile":312},"2026-01-03",0.79374,{"date":314,"score":135,"percentile":315},"2026-01-04",0.80898,{"date":317,"score":135,"percentile":297},"2026-01-05",{"date":319,"score":135,"percentile":320},"2026-01-06",0.80897,{"date":322,"score":135,"percentile":300},"2026-01-07",{"date":324,"score":135,"percentile":325},"2026-01-08",0.80909,{"date":327,"score":135,"percentile":328},"2026-01-09",0.80911,{"date":330,"score":135,"percentile":331},"2026-01-10",0.80912,{"date":333,"score":135,"percentile":334},"2026-01-11",0.80905,{"date":336,"score":135,"percentile":320},"2026-01-12",{"date":338,"score":135,"percentile":339},"2026-01-13",0.80894,{"date":341,"score":135,"percentile":342},"2026-01-14",0.80915,{"date":344,"score":135,"percentile":303},"2026-01-15",{"date":346,"score":135,"percentile":347},"2026-01-16",0.80924,{"date":349,"score":135,"percentile":350},"2026-01-17",0.80931,{"date":352,"score":135,"percentile":353},"2026-01-18",0.80922,{"date":355,"score":135,"percentile":356},"2026-01-19",0.80916,{"date":358,"score":135,"percentile":359},"2026-01-20",0.80918,{"date":361,"score":135,"percentile":362},"2026-01-21",0.80925,{"date":364,"score":135,"percentile":365},"2026-01-22",0.80933,{"date":367,"score":135,"percentile":368},"2026-01-23",0.80959,{"date":370,"score":135,"percentile":371},"2026-01-24",0.80966,{"date":373,"score":135,"percentile":374},"2026-01-25",0.8096,{"date":376,"score":135,"percentile":374},"2026-01-26",{"date":378,"score":135,"percentile":379},"2026-01-27",0.80964,{"date":381,"score":135,"percentile":382},"2026-01-28",0.80962,{"date":384,"score":135,"percentile":385},"2026-01-29",0.80958,{"date":387,"score":135,"percentile":388},"2026-01-30",0.80956,{"date":390,"score":135,"percentile":391},"2026-01-31",0.80963,{"date":393,"score":216,"percentile":394},"2026-02-01",0.79445,[396,401],{"source":95,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":397,"cvss_v4_0":9},{"baseScore":93,"baseSeverity":398,"vectorString":96,"impactScore":399,"exploitabilityScore":400},"MEDIUM",4.5,7.2,{"source":101,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":402,"cvss_v4_0":9},{"baseScore":93,"baseSeverity":398,"vectorString":96,"impactScore":399,"exploitabilityScore":400},[404,419],{"ecosystem":9,"name":405,"vendor":405,"product":405,"cpe_part":406,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":407},"rails","a",[408,415],{"version":409,"is_range":410,"range_type":95,"version_start":411,"version_start_type":412,"version_end":413,"version_end_type":414,"fixed_in":9},">= 7.0.0, \u003C 7.0.8.1",true,"7.0.0","including","7.0.8.1","excluding",{"version":416,"is_range":410,"range_type":95,"version_start":417,"version_start_type":412,"version_end":418,"version_end_type":414,"fixed_in":9},">= 7.1.0, \u003C 7.1.3.1","7.1.0","7.1.3.1",{"ecosystem":9,"name":405,"vendor":420,"product":405,"cpe_part":406,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":421},"rubyonrails",[422,425],{"version":423,"is_range":410,"range_type":424,"version_start":411,"version_start_type":412,"version_end":413,"version_end_type":414,"fixed_in":9},"gte7.0.0_lt7.0.8.1","cpe",{"version":426,"is_range":410,"range_type":424,"version_start":417,"version_start_type":412,"version_end":418,"version_end_type":414,"fixed_in":9},"gte7.1.0_lt7.1.3.1"]