Cross-Site Scripting Vulnerabilities in Ruby on Rails Framework
CVE-2014-0081
Currently unrated
What is CVE-2014-0081?
Multiple cross-site scripting vulnerabilities exist within the Ruby on Rails framework, specifically in the number_to_currency, number_to_percentage, and number_to_human helper methods. These vulnerabilities allow remote attackers to inject malicious web scripts or HTML via parameters like format, negative_format, or units. As a result, attackers can potentially disrupt web application functionality or exploit end-user interactions.
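The pattern described above, as an added example that is not Rails source code: a simplified stand-in for a currency helper shown once with caller-supplied format strings written to the page verbatim and once with them HTML-escaped, plus an allow-list for choosing a format from a request parameter. The method names, the allow-list and the sample input are assumptions made for illustration.

```ruby
require 'erb'

# Simplified stand-ins for a currency view helper (hypothetical names, not
# Rails source). In the template, %u is the unit and %n is the number.

# Vulnerable pattern: format strings and unit reach the HTML verbatim.
def currency_unescaped(number, unit: '$', format: '%u%n', negative_format: '-%u%n')
  template = number < 0 ? negative_format : format
  digits = Kernel.format('%.2f', number.abs)
  template.gsub('%n') { digits }.gsub('%u') { unit }
end

# Hardened pattern: HTML-escape every caller-supplied piece before output.
def currency_escaped(number, unit: '$', format: '%u%n', negative_format: '-%u%n')
  template = number < 0 ? negative_format : format
  digits = Kernel.format('%.2f', number.abs)
  ERB::Util.html_escape(template)
           .gsub('%n') { digits }
           .gsub('%u') { ERB::Util.html_escape(unit) }
end

# Defence in depth: map a request parameter onto a fixed set of templates
# instead of handing the parameter itself to the helper.
ALLOWED_FORMATS = { 'prefix' => '%u%n', 'suffix' => '%n %u' }.freeze

def pick_format(param)
  ALLOWED_FORMATS.fetch(param.to_s, '%u%n')
end

# Constructed sample input standing in for a request parameter.
UNTRUSTED = '<script>alert(1)</script>'

if __FILE__ == $PROGRAM_NAME
  puts currency_unescaped(5, unit: UNTRUSTED)            # markup survives
  puts currency_escaped(5, unit: UNTRUSTED)              # markup neutralised
  puts currency_escaped(-3.5, negative_format: '<b>-%u%n</b>')
  puts currency_escaped(5, format: pick_format(UNTRUSTED))
end
```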