Description

Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute.

Remediation

References

CVE-2013-6416

Related Vulnerabilities

MySQL CVE-2019-2784 Vulnerability (CVE-2019-2784)

Oracle Application Server Other Vulnerability (CVE-2007-2123)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17308)

Ember.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-0013)

WordPress Plugin Cookie Notification for WordPress-WP Cookie User Info includes Backdoor [Only if downloaded via the vendor website] (1.0.7)

Severity

Medium

Classification

CVE-2013-6416 CWE-707

Tags

Missing Update Known Vulnerabilities