CVSS v2: 4.3
- >= 3.0.5
will_paginate Gem for Ruby contains a flaw that allows a cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input related to generated pagination links before returning it to the user. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a users browser within the trust relationship between their browser and the server.