Description

Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute.

Remediation

References

CVE-2013-6416

Related Vulnerabilities

Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.25)

Django Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2011-0698)

Plone CMS Other Vulnerability (CVE-2006-1711)

PHP Out-of-bounds Write Vulnerability (CVE-2008-2371)

WordPress Plugin Strong Testimonials Cross-Site Scripting (2.40.0)

Severity

Medium

Classification

CVE-2013-6416 CWE-707

Tags

Missing Update Known Vulnerabilities