CVE-2013-6415
Description
Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
1.506
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2013-6417 are fixed in Ruby-actionpack 3.2.16 | Windows |
| Vulnerabilities CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2013-6416, CVE-2013-6417 are fixed in Ruby-actionpack 4.0.2 | Windows |
| Vulnerabilities CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2013-6417 are fixed in Ruby-actionpack for Linux 3.2.16 | Linux |
| Vulnerabilities CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2013-6416, CVE-2013-6417 are fixed in Ruby-actionpack for Linux 4.0.2 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234