Description

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.

Remediation

References

CVE-2015-3226

Related Vulnerabilities

WordPress Plugin Permalink Manager Lite SQL Injection (2.2.12)

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder Cross-Site Scripting (1.13.59)

WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-28491)

Envoy Proxy Always-Incorrect Control Flow Implementation Vulnerability (CVE-2022-21655)

Next.js Uncontrolled Recursion Vulnerability (CVE-2024-47831)

Severity

Medium

Classification

CVE-2015-3226 CWE-707

Tags

Missing Update Known Vulnerabilities