oxidized-web 0.3.0
Oxidized Web RANCID migration page allows unauthenticated user to gain control over Linux user account
high severity CVE-2025-27590 >= 0.15.0
In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web.
Oxidized Web vulnerable to Cross-site Scripting
medium severity CVE-2019-25088
A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross-site scripting. It is possible to launch the attack remotely. The name of the patch is 55ab9bdc68b03ebce9280b8746ef31d7fdedcc45. It is recommended to apply a patch to fix this issue. VDB-216870 is the identifier assigned to this vulnerability.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leak issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.