CVE-2013-6416

Published: 07/12/2013 Updated: 08/08/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x prior to 4.0.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted HTML attribute.

Vulnerable Product

rubyonrails rails 4.0.0

rubyonrails rails 4.0.1

rubyonrails rails

Vendor Advisories

Debian Bug report logs - #731288 ruby-actionpack-32: multiple vulnerabilities [CVE-2013-6414 CVE-2013-4491 CVE-2013-6415 CVE-2013-6417 CVE-2013-6416] Package: ruby-actionpack-32; Maintainer for ruby-actionpack-32 is (unknown); Reported by: Antonio Terceiro <terceiro@debian.org> Date: Wed, 4 Dec 2013 01:09:01 UTC Severi ...
Debian Bug report logs - #731290 ruby-actionpack-40: multiple vulnerabilities [CVE-2013-6414 CVE-2013-4491 CVE-2013-6415 CVE-2013-6417 CVE-2013-6416] Package: ruby-actionpack-40; Maintainer for ruby-actionpack-40 is (unknown); Reported by: Antonio Terceiro <terceiro@debian.org> Date: Wed, 4 Dec 2013 01:09:01 UTC Severi ...
Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute ...