Ruby on Rails 'number_to_currency' Helper Cross Site Scripting Vulnerability

Bugtraq ID: 64077
Class: Input Validation Error
CVE: CVE-2013-6415
Remote: Yes
Local: No
Published: Dec 04 2013 12:00AM
Updated: Apr 13 2015 09:47PM
Credit: Ankit Gupta
Vulnerable: SuSE WebYaST 1.3
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
SuSE Studio Onsite 1.3
SuSE Lifecycle Management Server 1.3
S.u.S.E. openSUSE 13.1
S.u.S.E. openSUSE 12.3
S.u.S.E. openSUSE 12.2
Ruby on Rails Ruby on Rails 4.0.1
Ruby on Rails Ruby on Rails 4.0
Ruby on Rails Ruby on Rails 3.2.13
Ruby on Rails Ruby on Rails 3.2.12
Ruby on Rails Ruby on Rails 3.2.11
Ruby on Rails Ruby on Rails 3.2.10
Ruby on Rails Ruby on Rails 3.2.8
Ruby on Rails Ruby on Rails 3.2.7
Ruby on Rails Ruby on Rails 3.2.6
Ruby on Rails Ruby on Rails 3.2.4
Ruby on Rails Ruby on Rails 3.2.2
Ruby on Rails Ruby on Rails 3.1.12
Ruby on Rails Ruby on Rails 3.1.11
Ruby on Rails Ruby on Rails 3.1.9
Ruby on Rails Ruby on Rails 3.1.8
Ruby on Rails Ruby on Rails 3.1.7
Ruby on Rails Ruby on Rails 3.1.6
Ruby on Rails Ruby on Rails 3.1.5
Ruby on Rails Ruby on Rails 3.1.4
Ruby on Rails Ruby on Rails 3.1.2
Ruby on Rails Ruby on Rails 3.1
Ruby on Rails Ruby on Rails 3.0.6
Ruby on Rails Ruby on Rails 3.2.15
Ruby on Rails Ruby on Rails 3.2
Ruby on Rails Ruby on Rails 3.0.8
Ruby on Rails Ruby on Rails 3.0.7
Redhat Software Collections 1 for RHEL 6 0
Redhat OpenStack 3.0
Puppetlabs Puppet Enterprise 3.1
Puppetlabs Puppet Enterprise 2.8.3
Puppetlabs Puppet Enterprise 2.8.2
Puppetlabs Puppet Enterprise 2.8.0
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Not Vulnerable: Ruby on Rails Ruby on Rails 4.0.2
Ruby on Rails Ruby on Rails 3.2.16
Puppetlabs Puppet Enterprise 3.1.1
Puppetlabs Puppet Enterprise 2.8.4


 

Copyright 2010, SecurityFocus