Description

Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.

Remediation

References

CVE-2007-3227

Related Vulnerabilities

WordPress Plugin Blaze Slideshow Arbitrary File Upload (2.7)

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.5)

WordPress Plugin FormCraft-Contact Form Builder Cross-Site Request Forgery (1.2.1)

MediaWiki Other Vulnerability (CVE-2007-0894)

Drupal Core 7.x Security Bypass (7.0 - 7.90)

Severity

Medium

Classification

CVE-2007-3227 CWE-707

Tags

Missing Update Known Vulnerabilities