This host is running Ruby on Rails and is prone to cross-site scripting vulnerability.

Successful exploitation will allow attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application

Upgrade to Ruby on Rails version 2.2.3 or 2.3.4 or later. For updates refer to http://rubyonrails.org/download

The flaw is due to error in handling of 'escaping' code for the form helpers, which does not properly filter HTML code from user-supplied input before displaying the input.

Ruby on Rails version 2.x before to 2.2.3 and 2.3.x before 2.3.4

• http://secunia.com/advisories/product/25856/
• http://securitytracker.com/alerts/2009/Sep/1022824.html
• http://www.vupen.com/english/advisories/2009/2544
• http://xforce.iss.net/xforce/xfdb/53036

---

Updated on 2015-03-25