
10 matches found

OSV
added 2017/10/24 6:33 p.m. | 45 views

GHSA-6H5Q-96HP-9JGM actionpack vulnerable to Cross-site Scripting

Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.03171
Exploits: 0 | References: 18
Github Security Blog
added 2017/10/24 6:33 p.m. | 53 views

actionpack vulnerable to Cross-site Scripting

Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.03171
Exploits: 0 | References: 18 | Affected Software: 1
Prion
added 2014/02/20 3:27 p.m. | 35 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units...

CVSS: 4.3 | AI score: 6 | EPSS: 0.04032
Exploits: 0 | References: 8 | Affected Software: 5
RubySec
added 2014/02/18 12:0 a.m. | 34 views

CVE-2014-0081 rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.04032
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2013/12/07 12:55 a.m. | 20 views

CVE-2013-6415

Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.03171
Exploits: 0 | References: 15
UbuntuCve
added 2013/12/07 12:55 a.m. | 44 views

CVE-2013-6415

Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...

CVSS: 4.3 | AI score: 6 | EPSS: 0.03171
Exploits: 0 | References: 2
Prion
added 2013/12/07 12:55 a.m. | 35 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...

CVSS: 4.3 | AI score: 6 | EPSS: 0.03171
Exploits: 0 | References: 15 | Affected Software: 2
Debian CVE
added 2013/12/07 12:0 a.m. | 46 views

CVE-2013-6415

Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.03171
Exploits: 0
GitLab Advisory Database
added 2013/12/06 12:0 a.m. | 55 views

XSS Vulnerability in number_to_currency

The number_to_currency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Applications which pass user controlled data as the unit parameter are vulnerable to an XSS attack...

CVSS: 4.3 | AI score: 3.3 | EPSS: 0.03171
Exploits: 0 | References: 1 | Affected Software: 1
RubySec
added 2013/12/03 12:0 a.m. | 41 views

XSS Vulnerability in number_to_currency

There is an XSS vulnerability in the number_to_currency helper in Ruby on Rails. The number_to_currency helper allows users to nicely format a numeric value. One of the parameters to the helper (unit) is not escaped correctly. Applications which pass user controlled data as the unit parameter are...

CVSS: 4.3 | AI score: 3.3 | EPSS: 0.03171
Exploits: 0 | References: 1 | Affected Software: 1