{"id":"CVE-2022-27777","details":"A XSS Vulnerability in Action View tag helpers \u003e= 5.2.0 and \u003c 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.","aliases":["GHSA-ch3h-j2vf-95pv"],"modified":"2026-03-13T05:44:16.532827Z","published":"2022-05-26T17:15:09.187Z","related":["SUSE-SU-2022:3621-1","SUSE-SU-2022:3860-1","SUSE-SU-2023:2059-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5372"},{"type":"FIX","url":"https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"5.2.7.1"}]},{"events":[{"introduced":"6.0.0"},{"fixed":"6.0.4.8"}]},{"events":[{"introduced":"6.1.0"},{"fixed":"6.1.5.1"}]},{"events":[{"introduced":"7.0.0"},{"fixed":"7.0.2.4"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-27777.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}