ADVISORIES
- CVE-2013-6459 (NVD)
- GHSA-8r6h-7x9g-xmw9
- OSVDB-101138
GEM
SEVERITY
CVSS v2.0: 4.3 (Medium)
PATCHED VERSIONS
- >= 3.0.5
DESCRIPTION
Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links. It was found that ruby will_paginate is vulnerable to a XSS via malformed input that cause pagination to occur on an improper boundary. This could allow an attacker with the ability to pass data to the will_paginate gem to display arbitrary HTML including scripting code within the web interface.