Cross-site Scripting Vulnerability in Ruby on Rails Affects Action Pack Component
CVE-2013-6415

Currently unrated

Key Information:

Vendor: Rubyonrails
Status: Ruby On Rails; Rails
Vendor: CVE Published:; 7 December 2013

🔔 Create Rubyonrails Vulnerability Alert

What is CVE-2013-6415?

The vulnerability in Ruby on Rails' Action Pack component is a Cross-site Scripting (XSS) flaw that allows attackers to inject arbitrary web scripts or HTML by manipulating the 'unit' parameter in the number_to_currency helper. This could potentially compromise the integrity of the application and the security of its users, making it crucial for developers to update to the patched versions to mitigate risks.

References

http://rhn.redhat.com/errata/RHSA-2014-0008.html

vendor-advisoryx_refsource_REDHAT

http://lists.opensuse.org/opensuse-updates/2013-12/msg000...

vendor-advisoryx_refsource_SUSE

https://puppet.com/security/cve/cve-2013-6415

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2013
Vulnerability Reserved
Nov 4, 2013