logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2013-4491

Description

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem.


Affected Package


OS OS Version Package Name Package Version
Debian 12 rails 2:6.1.4.7+dfsg-2
Debian 11 rails 2:6.0.3.7+dfsg-2
Debian 10 rails 2:5.2.2.1+dfsg-1+deb10u3
Debian 999 rails 2:6.1.4.7+dfsg-2

Related