Description
Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.
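The following is an added illustration, not the Rails source and not code from this advisory: a simplified stand-in for a currency formatter that shows why an unescaped unit reaches the page as markup, next to a variant that HTML-escapes it, plus a check of a Rails version string against the affected ranges stated above. The function names, the "%u%n" pattern handling and the sample unit value are constructed for the example, and it assumes the formatted string is rendered in a view without further escaping.

```ruby
require 'erb'
require 'rubygems'

# Hypothetical, simplified formatter: %u is the unit, %n the number.
# The unit is substituted as-is, so any markup in it survives.
def format_currency_unsafe(number, unit: "$", pattern: "%u%n")
  amount = sprintf("%.2f", Float(number))
  # Block form of gsub avoids backslash interpretation in the replacement.
  pattern.gsub("%n") { amount }.gsub("%u") { unit.to_s }
end

# Same formatter, but the caller-supplied unit is HTML-escaped first.
def format_currency_escaped(number, unit: "$", pattern: "%u%n")
  amount = sprintf("%.2f", Float(number))
  safe_unit = ERB::Util.html_escape(unit.to_s)
  pattern.gsub("%n") { amount }.gsub("%u") { safe_unit }
end

# True when the version falls in the ranges the description gives:
# before 3.2.16, or 4.x before 4.0.2.
def affected_rails_version?(version)
  v = Gem::Version.new(version)
  if v.segments.first == 4
    v < Gem::Version.new("4.0.2")
  else
    v < Gem::Version.new("3.2.16")
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a unit value taken from untrusted input.
  untrusted_unit = "<script>alert(1)</script>"
  puts format_currency_unsafe(1234.5, unit: untrusted_unit)
  puts format_currency_escaped(1234.5, unit: untrusted_unit)
  %w[3.2.15 3.2.16 4.0.1 4.0.2].each do |ver|
    puts "#{ver}: #{affected_rails_version?(ver) ? 'affected' : 'not affected'}"
  end
end
```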
Remediation
References