
CVE-2013-4491

Published: 03 Dec 2013
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem.

It was discovered that the internationalization component of Ruby on Rails could, under certain circumstances, return a fallback HTML string that contained user input. A remote attacker could possibly use this flaw to perform a reflective cross-site scripting (XSS) attack by providing a specially crafted input to an application using the aforementioned component.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| CloudForms Management Engine 5 | ruby193-rubygem-actionpack | Will not fix | | |
| OpenShift Enterprise 1 | ruby193-rubygem-actionpack | Will not fix | | |
| Red Hat OpenStack Platform 4 | ruby193-rubygem-actionpack | Not affected | | |
| Red Hat Satellite 6 | ruby193-rubygem-actionpack | Affected | | |
| Red Hat Software Collections | ror40-rubygem-actionpack | Not affected | | |
| Red Hat Subscription Asset Manager | rubygem-actionpack | Affected | | |
| OpenStack 3 for RHEL 6 | ruby193-rubygem-actionpack | Fixed | RHSA-2014:0008 | 06.01.2014 |
| Red Hat Software Collections for RHEL-6 | ruby193-rubygem-actionpack | Fixed | RHSA-2013:1794 | 05.12.2013 |
| Red Hat Subscription Asset Manager 1.4 | katello | Fixed | RHSA-2014:1863 | 17.11.2014 |
| Red Hat Subscription Asset Manager 1.4 | ruby193-rubygem-actionmailer | Fixed | RHSA-2014:1863 | 17.11.2014 |


Additional information

Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1036922 (rubygem-actionpack: i18n missing translation XSS)

EPSS: 0.00713 (Low), percentile: 72%

CVSS2: 4.3 Medium

Related vulnerabilities

ubuntu
about 12 years ago

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem.

nvd
about 12 years ago

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem.

debian
about 12 years ago

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ...

github
more than 8 years ago

actionpack vulnerable to Cross-site Scripting
