RubySec

Providing security resources for the Ruby community

CVE-2013-6459 (will_paginate): will_paginate Gem for Ruby Generated Pagination Link Unspecified XSS

ADVISORIES

GEM

will_paginate

SEVERITY

CVSS v2: 4.3

PATCHED VERSIONS

  • >= 3.0.5

DESCRIPTION

will_paginate Gem for Ruby contains a flaw that allows a cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input related to generated pagination links before returning it to the user. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a users browser within the trust relationship between their browser and the server.