|Created:||December 18, 2013||Updated:||December 18, 2013|
|Description:||From the CVE entry:
Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds