Description

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.

Remediation

References

CVE-2015-3226

Related Vulnerabilities

WebLogic CVE-2019-2646 Vulnerability (CVE-2019-2646)

WordPress 4.8.x Possible SQL Injection Vulnerability (4.8 - 4.8.2)

WordPress Plugin OAuth Single Sign On-SSO (OAuth Client) Cross-Site Scripting (6.20.2)

WordPress Plugin WooCommerce Multilingual-run WooCommerce with WPML Multiple Unspecified Vulnerabilities (3.5.4)

Ruby on Rails CVE-2024-28103 Vulnerability (CVE-2024-28103)

Severity

Medium

Classification

CVE-2015-3226 CWE-707

Tags

Missing Update Known Vulnerabilities