Описание
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Exploit
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.12046
Средний
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
ubuntu
около 18 лет назад
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.
debian
около 18 лет назад
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord: ...
EPSS
Процентиль: 94%
0.12046
Средний
4.3 Medium
CVSS2
Дефекты
CWE-79