Lucene search

[email protected]CVE-2013-6416

HistoryDec 07, 2013 - 12:55 a.m.

CVE-2013-6416

2013-12-0700:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-6416

xss

vulnerability

ruby on rails 4.x

nvd

web script

html

5.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.3%

JSON

Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute.

CPENameOperatorVersion
rubyonrails:railsrubyonrails railseq4.0.0
rubyonrails:railsrubyonrails railsle4.0.1

CPE	Name	Operator	Version
rubyonrails:rails	rubyonrails rails	eq	4.0.0
rubyonrails:rails	rubyonrails rails	le	4.0.1

References

weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/

www.securityfocus.com/bid/64071

groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ

5.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.3%

JSON

Related for CVE-2013-6416

gitlab1 github1 osv1 prion1 ubuntucve1 debiancve1 nessus2 freebsd1 openvas6 fedora4