The host is running Ruby on Rails, which is prone to Cross Site Scripting Vulnerability.

Successful exploitation will allow attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or steal cookie-based authentication credentials and launch other attacks. Impact Level: Application

Apply the security patches or upgrade to Ruby on Rails version 2.3.5 http://github.com/rails/rails/ http://rubyonrails.org/download ***** NOTE: Ignore this warning, if above mentioned patch is manually applied. *****

This issue is due to the error in 'strip_tagi()' function which is not properly escaping non-printable ascii characters.

Ruby on Rails version before 2.3.5

• http://secunia.com/advisories/37446
• http://www.openwall.com/lists/oss-security/2009/11/27/2
• http://www.securitytracker.com/id?1023245
• http://www.vupen.com/english/advisories/2009/3352

---

Updated on 2015-03-25