NuytsTech Security

CVE-2007-3227

by ·

Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.

Date published : 2007-06-14

http://www.securityfocus.com/bid/24161

http://bugs.gentoo.org/show_bug.cgi?id=195315

Tags: