CVE-2013-6416 (retired)

Priority
Description
Cross-site scripting (XSS) vulnerability in the simple_format helper in
actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x
before 4.0.2 allows remote attackers to inject arbitrary web script or HTML
via a crafted HTML attribute.
Notes
mdeslaurin Oneiric+, rails package is just for transition
sarnoldOnly affected 4.0.x and higher
Package
Source: rails (LP Ubuntu Debian)
Upstream:not-affected
Package
Upstream:ignored (reached end-of-life)
Package
Upstream:not-affected
Package
Upstream:ignored (reached end-of-life)
Package
Upstream:not-affected
Package
Upstream:ignored (reached end-of-life)
Package
Upstream:not-affected
Package
Upstream:ignored (reached end-of-life)
Package
Upstream:not-affected
More Information

Updated: 2019-10-09 07:48:53 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)