Cross-site Scripting (XSS)
The actionpack gem is vulnerable to cross-site scripting (XSS). An attacker can supply a malicious string via actionpack/lib/action_view/helpers/translation_helper.rb to trigger generation of a fallback string by the i18n gem...
CVE-2013-4491
CVE-2013-4491 is a cross-site scripting flaw in Ruby on Rails Action Pack’s i18n translation path. The vulnerability arises when an i18n fallback string includes user-controlled input, allowing remote script or HTML injection. Affected are Rails 3.x prior to 3.2.16 and 4.x prior to 4.0.2. Patches...