XSS in Opensuse_project Opensuse

CVE-2014-0081

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web scri…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.009 (75.8th percentile) — read the EPSS interpretation.

Affected products

Opensuse_project Opensuse — versions 12.3
Rubyonrails Rails — versions 0.9.1, 0.9.2, 0.9.3
Rubyonrails Ruby_on_rails — versions 0.5.0, 0.5.5, 0.5.6
Opensuse — versions 13.1
Redhat Cloudforms — versions 3.0
Redhat Enterprise_linux — versions 6.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

RHSA-2014:0215 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
RHSA-2014:0306 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
65647 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
1029782 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
[oss-security] 20140218 XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human (CVE-2014-0081) (mailing-list, x_refsource_MLIST, Third Party Advisory)
openSUSE-SU-2014:0295 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
57376 (Permissions Required, x_refsource_SECUNIA, third-party-advisory)
[rubyonrails-security] 20140218 XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human (CVE-2014-0081) (mailing-list, x_refsource_MLIST, Third Party Advisory)