Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x prior to 4.0.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted HTML attribute.
Vulnerable Product |
---|
rubyonrails rails 4.0.0 |
rubyonrails rails 4.0.1 |
rubyonrails rails |