CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

Mageia•added 2014/04/03 1:23 p.m.•24 views

Updated ruby-rack-ssl packages fix CVE-2014-2538

Updated ruby-rack-ssl packages fix security vulnerabilities: Cross-site scripting XSS vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters su...

4.3CVSS5.6AI score0.00273EPSS

Exploits1References2

NVD•added 2014/03/25 6:21 p.m.•12 views

CVE-2014-2538

Cross-site scripting XSS vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack...

4.3CVSS5.5AI score0.00273EPSS

Exploits1References5

UbuntuCve•added 2014/03/25 6:21 p.m.•16 views

CVE-2014-2538

4.3CVSS7.3AI score0.00273EPSS

Exploits1References2

Prion•added 2014/03/25 6:21 p.m.•14 views

Cross site scripting

4.3CVSS6AI score0.00273EPSS

Exploits1References5Affected Software1

Cvelist•added 2014/03/25 2:0 p.m.•17 views

CVE-2014-2538

5.4AI score0.00273EPSS

Exploits1References5

CVE•added 2014/03/25 2:0 p.m.•78 views

CVE-2014-2538

CVE-2014-2538 describes an XSS vulnerability in the rack-ssl gem’s Ruby component (lib/rack/ssl.rb) prior to version 1.4.0. The issue allows remote attackers to inject arbitrary web script or HTML via a URI, which may not be handled correctly by adapters such as JRuby-Rack. Affected product: rack...

4.3CVSS5.5AI score0.00273EPSS

Exploits1References5Affected Software1