
Related vulnerabilities

GSD-2013-6459

Vulnerability from gsd - Updated: 2013-09-19 00:00
Details
Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links. It was found that the Ruby will_paginate gem is vulnerable to XSS via malformed input that causes pagination to occur on an improper boundary. This could allow an attacker with the ability to pass data to the will_paginate gem to display arbitrary HTML, including scripting code, within the web interface. The record below lists versions 3.0.5 and later as patched.
Aliases

{
  "GSD": {
    "alias": "CVE-2013-6459",
    "description": "Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links.",
    "id": "GSD-2013-6459",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-6459.html",
      "https://access.redhat.com/errata/RHSA-2018:0336",
      "https://advisories.mageia.org/CVE-2013-6459.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "will_paginate",
            "purl": "pkg:gem/will_paginate"
          }
        }
      ],
      "aliases": [
        "CVE-2013-6459",
        "OSVDB-101138"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links. It was found that the Ruby will_paginate gem is vulnerable to XSS via malformed input that causes pagination to occur on an improper boundary. This could allow an attacker with the ability to pass data to the will_paginate gem to display arbitrary HTML, including scripting code, within the web interface.",
      "id": "GSD-2013-6459",
      "modified": "2013-09-19T00:00:00.000Z",
      "published": "2013-09-19T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6459"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 4.3,
          "type": "CVSS_V2"
        }
      ],
      "summary": "CVE-2013-6459 rubygem-will_paginate: XSS vulnerabilities"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2013-6459",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "56180",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/56180"
          },
          {
            "name": "RHSA-2018:0336",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:0336"
          },
          {
            "name": "64509",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/64509"
          },
          {
            "name": "https://github.com/mislav/will_paginate/releases/tag/v3.0.5",
            "refsource": "CONFIRM",
            "url": "https://github.com/mislav/will_paginate/releases/tag/v3.0.5"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2013-6459",
      "cvss_v2": 4.3,
      "date": "2013-09-19",
      "description": "Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links. It was found that the Ruby will_paginate gem is vulnerable to XSS via malformed input that causes pagination to occur on an improper boundary. This could allow an attacker with the ability to pass data to the will_paginate gem to display arbitrary HTML, including scripting code, within the web interface.",
      "gem": "will_paginate",
      "osvdb": 101138,
      "patched_versions": [
        "\u003e= 3.0.5"
      ],
      "title": "CVE-2013-6459 rubygem-will_paginate: XSS vulnerabilities",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6459"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c3.0.5",
          "affected_versions": "All versions before 3.0.5",
          "credit": "Mislav Marohni\u0107",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2018-02-22",
          "description": "The package will_paginate generates pagination links without escaping the result. If user-controlled data is sent to will_paginate, there is a potential XSS vulnerability.",
          "fixed_versions": [
            "3.0.5"
          ],
          "identifier": "CVE-2013-6459",
          "identifiers": [
            "CVE-2013-6459"
          ],
          "package_slug": "gem/will_paginate",
          "pubdate": "2013-12-31",
          "solution": "Upgrade to latest.",
          "title": "XSS vulnerability in generated pagination links",
          "urls": [
            "https://groups.google.com/forum/#!topic/will_paginate/Dguinf-5Sbw"
          ],
          "uuid": "61033f9b-df3e-4fde-842a-1fa68ba45e22"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mislav_marohnic:will_paginate:3.0.3:-:-:*:-:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mislav_marohnic:will_paginate:3.0.2:-:-:*:-:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mislav_marohnic:will_paginate:3.0.1:-:-:*:-:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mislav_marohnic:will_paginate:3.0:-:-:*:-:ruby:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mislav_marohnic:will_paginate:*:-:-:*:-:ruby:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-6459"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mislav/will_paginate/releases/tag/v3.0.5",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://github.com/mislav/will_paginate/releases/tag/v3.0.5"
            },
            {
              "name": "56180",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/56180"
            },
            {
              "name": "64509",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/64509"
            },
            {
              "name": "RHSA-2018:0336",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2018:0336"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-02-23T02:29Z",
      "publishedDate": "2013-12-31T16:04Z"
    }
  }
}