Description
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Arbitrary File Download (3.4.5)
WordPress Plugin IWantOneButton 'updateAJAX.php' SQL Injection (3.0.1)
WordPress 'wp-trackback.php' SQL Injection Vulnerability (1.5)
WebLogic CVE-2019-2615 Vulnerability (CVE-2019-2615)
TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-23503)