RubySec

Providing security resources for the Ruby community

CVE-2013-6459 (will_paginate): CVE-2013-6459 rubygem-will_paginate: XSS vulnerabilities

ADVISORIES

GEM

will_paginate

SEVERITY

CVSS v2.0: 4.3 (Medium)

PATCHED VERSIONS

  • >= 3.0.5

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links. It was found that ruby will_paginate is vulnerable to a XSS via malformed input that cause pagination to occur on an improper boundary. This could allow an attacker with the ability to pass data to the will_paginate gem to display arbitrary HTML including scripting code within the web interface.