Описание
Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links.
It was found that ruby will_paginate is vulnerable to a XSS via malformed input that cause pagination to occur on an improper boundary. This could allow an attacker with the ability to pass data to the will_paginate gem to display arbitrary HTML including scripting code within the web interface.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenStack Foreman | ruby193-rubygem-will_paginate | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | ruby193-rubygem-will_paginate | Will not fix | ||
| Red Hat OpenStack Platform 3 | ruby193-rubygem-will_paginate | Will not fix | ||
| Red Hat OpenStack Platform 4 | ruby193-rubygem-will_paginate | Will not fix | ||
| Red Hat Satellite 6.3 for RHEL 7 | candlepin | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-bootloaders-redhat | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-discovery-image | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-installer | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-proxy | Fixed | RHSA-2018:0336 | 21.02.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS3
4.3 Medium
CVSS2
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links.
Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links.
Cross-site scripting (XSS) vulnerability in the will_paginate gem befo ...
EPSS
4.3 Medium
CVSS3
4.3 Medium
CVSS2