Description
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.
Remediation
References