Description The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. Remediation References CVE-2010-3299 Related Vulnerabilities WordPress Plugin Time Sheets Multiple Cross-Site Scripting Vulnerabilities (1.5.1) WordPress Plugin CTA for WordPress-Easy Side Tab includes Backdoor [Only if downloaded via the vendor website] (1.0.7) Nginx Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-0088) Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13239) WordPress Plugin ICustomizer Cross-Site Scripting (1.4.13) Severity Medium Classification CVE-2010-3299 CWE-311 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Tags Missing Update Known Vulnerabilities