34 matches found
Cross-site Scripting (XSS)
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the unit parameter in print-customoid.php. PoC Pass in a unit parameter value, when...
CVE-2024-50829
A SQL Injection vulnerability was found in /admin/editsubject.php in kashipara E-learning Management System Project 1.0 via the unit parameter...
Kashipara E-learning Management System 安全漏洞
Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System version 1.0, which is caused by an SQL injection in the parameter unit...
SUSE CVE-2013-6415
Cross-site scripting XSS vulnerability in the numbertocurrency helper in actionpack/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...
actionpack vulnerable to Cross-site Scripting
Cross-site scripting XSS vulnerability in the numbertocurrency helper in actionpack/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...
rubygem-actionpack: number_to_currency XSS
It was found that the numbertocurrency Action View helper did not properly escape the unit parameter. An attacker could use this flaw to perform a cross-site scripting XSS attack on an application that uses data submitted by a user in the unit parameter...
rubygem-actionpack: number_to_currency XSS
It was found that the numbertocurrency Action View helper did not properly escape the unit parameter. An attacker could use this flaw to perform a cross-site scripting XSS attack on an application that uses data submitted by a user in the unit parameter...
CVE-2013-6415
Cross-site scripting XSS vulnerability in the numbertocurrency helper in actionpack/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...
UBUNTU-CVE-2013-6415
Cross-site scripting XSS vulnerability in the numbertocurrency helper in actionpack/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...
CVE-2013-6415
Cross-site scripting XSS vulnerability in the numbertocurrency helper in actionpack/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...
CVE-2013-6415
Cross-site scripting XSS vulnerability in the numbertocurrency helper in actionpack/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...
XSS Vulnerability in number_to_currency
The numbertocurrency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Application which pass user controlled data as the unit parameter are vulnerable to an XSS attack...
rubygem-actionpack: number_to_currency XSS
It was found that the numbertocurrency Action View helper did not properly escape the unit parameter. An attacker could use this flaw to perform a cross-site scripting XSS attack on an application that uses data submitted by a user in the unit parameter...
XSS Vulnerability in number_to_currency
There is an XSS vulnerability in the numbertocurrency helper in Ruby on Raile. The numbertocurrency helper allows users to nicely format a numeric value. One of the parameters to the helper unit is not escaped correctly. Applications which pass user controlled data as the unit parameter are...