Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.
Metrics
No CVSS v4.0
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
AV:N/AC:M/Au:N/C:N/I:P/A:N
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Opensuse |
|
Opensuse Project |
|
Redhat |
|
Rubyonrails |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Package | CPE | Advisory | Released Date |
---|---|---|---|
CloudForms Management Engine 5.x | |||
cfme-0:5.2.2.3-1.el6cf | cpe:/a:redhat:cloudforms_managementengine:5::el6 | RHSA-2014:0215 | 2014-03-11T00:00:00Z |
ruby193-ruby-0:1.9.3.448-40.1.el6 | cpe:/a:redhat:cloudforms_managementengine:5::el6 | RHSA-2014:0215 | 2014-03-11T00:00:00Z |
ruby193-rubygem-actionpack-1:3.2.13-5.el6cf | cpe:/a:redhat:cloudforms_managementengine:5::el6 | RHSA-2014:0215 | 2014-03-11T00:00:00Z |
ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf | cpe:/a:redhat:cloudforms_managementengine:5::el6 | RHSA-2014:0215 | 2014-03-11T00:00:00Z |
ruby193-rubygem-bunny-0:1.0.7-1.el6cf | cpe:/a:redhat:cloudforms_managementengine:5::el6 | RHSA-2014:0215 | 2014-03-11T00:00:00Z |
ruby193-rubygem-excon-0:0.31.0-1.el6cf | cpe:/a:redhat:cloudforms_managementengine:5::el6 | RHSA-2014:0215 | 2014-03-11T00:00:00Z |
ruby193-rubygem-fog-0:1.19.0-1.el6cf | cpe:/a:redhat:cloudforms_managementengine:5::el6 | RHSA-2014:0215 | 2014-03-11T00:00:00Z |
ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf | cpe:/a:redhat:cloudforms_managementengine:5::el6 | RHSA-2014:0215 | 2014-03-11T00:00:00Z |
ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf | cpe:/a:redhat:cloudforms_managementengine:5::el6 | RHSA-2014:0215 | 2014-03-11T00:00:00Z |
ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf | cpe:/a:redhat:cloudforms_managementengine:5::el6 | RHSA-2014:0215 | 2014-03-11T00:00:00Z |
Red Hat Software Collections for RHEL-6 | |||
ruby193-rubygem-actionpack-1:3.2.8-5.3.el6 | cpe:/a:redhat:rhel_software_collections:1::el6 | RHSA-2014:0306 | 2014-03-17T00:00:00Z |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2014-02-20T11:00:00
Updated: 2024-08-06T09:05:38.984Z
Reserved: 2013-12-03T00:00:00
Link: CVE-2014-0081
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-02-20T15:27:09.140
Modified: 2024-11-21T02:01:19.270
Link: CVE-2014-0081
Redhat