User: Password:
Subscribe / Log in / New account

rubygem-actionpack: cross-site scripting

Package(s):rubygem-actionpack CVE #(s):CVE-2013-6415
Created:December 18, 2013 Updated:December 18, 2013
Description: From the CVE entry:

Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.

Debian DSA-2888-1 ruby-actionpack-3.2 2014-03-27
Fedora FEDORA-2013-23636 rubygem-actionpack 2014-03-07
Red Hat RHSA-2014:0008-01 ruby193-rubygem-actionpack 2014-01-06
openSUSE openSUSE-SU-2014:0009-1 rubygem-actionpack-3_2 2014-01-03
openSUSE openSUSE-SU-2014:0019-1 rubygem-actionpack-2_3 2014-01-03
openSUSE openSUSE-SU-2013:1907-1 rubygem-actionpack-3_2 2013-12-18
openSUSE openSUSE-SU-2013:1906-1 rubygem-actionpack-3_2 2013-12-18
openSUSE openSUSE-SU-2013:1904-1 rubygem-actionpack-3_2 2013-12-18
openSUSE openSUSE-SU-2013:1905-1 rubygem-actionpack-2_3 2013-12-18

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds