CVE-2013-6415 in Ruby on Railsinformación

Resumen

por MITRE

Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservar

2013-11-04

Divulgación

2013-12-06

Moderación

aceptado

Artículo

VDB-11373

CPE

listo

EPSS

0.03171

KEV

no

Actividades

muy bajo

Fuentes

Might our Artificial Intelligence support you?

Check our Alexa App!