| CVE | Severity | | Score | Published | Description |
|---|---|---|---|---|---|
| CVE-2014-0081 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remot… |
| CVE-2007-3227 | unknown | — | 1.0 | 9y ago | Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input va… |
| CVE-2024-26143 | unknown | — | — | 2y ago | Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a c… |
| CVE-2007-5380 | unknown | — | — | 9y ago | Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions." |
| CVE-2006-4111 | unknown | — | — | 9y ago | Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a differe… |
| CVE-2008-5189 | unknown | — | — | 9y ago | CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to fu… |
| CVE-2009-4214 | unknown | — | — | 9y ago | Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors i… |
| CVE-2007-6077 | unknown | — | — | 9y ago | The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively c… |
| CVE-2006-4112 | unknown | — | — | 9y ago | Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled i… |
| CVE-2007-5379 | unknown | — | — | 9y ago | Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Has… |
| CVE-2009-2422 | unknown | — | — | 17y ago | The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead … |