3 matches found
rubygem-actionpack: number_to_currency XSS
It was found that the numbertocurrency Action View helper did not properly escape the unit parameter. An attacker could use this flaw to perform a cross-site scripting XSS attack on an application that uses data submitted by a user in the unit parameter...
rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability
Multiple cross-site scripting XSS vulnerabilities in actionview/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the 1 format, 2 negativeformat, or 3 units...
UBUNTU-CVE-2013-6415
Cross-site scripting XSS vulnerability in the numbertocurrency helper in actionpack/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...