Updated advisory posts against rubysec/ruby-advisory-db@aee7a6e

jasnow · RubySec CI · commit 289856da331e · 2026-01-17T23:49:30.000Z
diff --git a/advisories/_posts/2023-05-23-CVE-2023-25309.md b/advisories/_posts/2023-05-23-CVE-2023-25309.md
@@ -0,0 +1,30 @@
+---
+layout: advisory
+title: 'CVE-2023-25309 (rollout-ui): Cross Site Scripting (XSS) Vulnerability in Fetlife
+  rollout-ui gem v0.5'
+comments: false
+categories:
+- rollout-ui
+advisory:
+  gem: rollout-ui
+  cve: 2023-25309
+  ghsa: 5xq9-h3j2-jxvc
+  url: https://github.com/advisories/GHSA-5xq9-h3j2-jxvc
+  title: Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui gem v0.5
+  date: 2023-05-23
+  description: |
+    Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui
+    version 0.5, allows attackers to execute arbitrary code via a
+    crafted url to the delete a **feature** functionality.
+  cvss_v3: 6.1
+  patched_versions:
+  - ">= 0.5.3"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-25309
+    - https://github.com/fetlife/rollout-ui/releases/tag/v0.5.3
+    - https://github.com/fetlife/rollout-ui/pull/15
+    - https://github.com/fetlife/rollout-ui/pull/15/commits/6d202d2cbcae3dd9b92c1f5ab7be17b48d78c045
+    - https://advisories.gitlab.com/pkg/gem/rollout-ui/CVE-2023-25309
+    - https://github.com/advisories/GHSA-5xq9-h3j2-jxvc
+---
