CVE-2013-4492

Description:
Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.

CWE: CWE-79

CVSS score
CVSS 2: MEDIUM – 4.3 (Version: 2.0)
CVSS 3: MEDIUM – 5.3 (Version: 3.1)

Links:

NVD – CVE-2013-4492
CVE – CVE-2013-4492

Link (max. 20) Source Tags
http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/ CONFIRM Patch Vendor Advisory Third Party Advisory
https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445 CONFIRM Mailing List Third Party Advisory VDB Entry Third Party Advisory
[ruby-security-ann] 20131203 [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails MLIST Third Party Advisory Third Party Advisory VDB Entry
openSUSE-SU-2013:1930 SUSE Third Party Advisory Third Party Advisory VDB Entry
DSA-2830 DEBIAN Third Party Advisory Third Party Advisory
64076 BID Third Party Advisory VDB Entry
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10671 CONFIRM Third Party Advisory Third Party Advisory VDB Entry
http://www-01.ibm.com/support/docview.wss?uid=swg21695835 CONFIRM Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10100 CONFIRM Third Party Advisory VDB Entry
62698 SECUNIA Third Party Advisory Third Party Advisory VDB Entry
http://linux.oracle.com/errata/ELSA-2015-0092.html CONFIRM Third Party Advisory
62692 SECUNIA Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa90 CONFIRM Third Party Advisory Third Party Advisory VDB Entry
62690 SECUNIA Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21695860 CONFIRM Third Party Advisory
62715 SECUNIA Third Party Advisory
20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability CISCO Third Party Advisory
62688 SECUNIA Third Party Advisory
62681 SECUNIA Third Party Advisory
62667 SECUNIA Third Party Advisory Vendor Advisory

Source: NVD – CVE-2013-4492
Published: 2013-12-07T00:55Z, Last modified: 2021-05-04T09:08Z