CVE-2013-6415 in Ruby on Railsinformação

Sumário

de MITRE

Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservar

04/11/2013

Divulgação

06/12/2013

Moderação

aceite

Entrada

VDB-11373

CPE

pronto

EPSS

0.03171

KEV

não

Atividades

muito baixo

Fontes

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!