CVE-2013-6459

Published: 31/12/2013 | Updated: 23/02/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the will_paginate gem prior to 3.0.5 for Ruby allows remote malicious users to inject arbitrary web script or HTML via vectors involving generated pagination links.

Vulnerable Product

mislav marohnic will paginate 3.0.3

mislav marohnic will paginate 3.0.2

mislav marohnic will paginate 3.0.1

mislav marohnic will paginate 3.0

mislav marohnic will paginate

Vendor Advisories

Synopsis: Important: Satellite 6.3 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Satellite. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ...
Debian Bug report logs - #733209 ruby-will-paginate: CVE-2013-6459: XSS vulnerabilities. Package: ruby-will-paginate; Maintainer for ruby-will-paginate is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Source for ruby-will-paginate is src:ruby-will-paginate (PTS, buildd, popcon). Reported ...
It was found that ruby will_paginate is vulnerable to an XSS via malformed input that causes pagination to occur on an improper boundary. This could allow an attacker with the ability to pass data to the will_paginate gem to display arbitrary HTML including scripting code within the web interface ...