Description

Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.

Remediation

References

CVE-2007-3227

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2011-1938)

Vulnerable JavaScript libraries

WordPress Plugin Bad Behavior Multiple Vulnerabilities (2.2.18)

WordPress Plugin Permalink Manager Lite SQL Injection (2.2.12)

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.9)

Severity

Medium

Classification

CVE-2007-3227 CWE-707

Tags

Missing Update Known Vulnerabilities