Debian: 2830-1: ruby-i18n: cross-site scripting

Posted by Ridcully on Jan 1, 2014 2:32 AM
By LinuxSecurity.com
Mail this story
Web version

Peter McLarnan discovered that the internationalization component of Ruby on Rails does not properly encode parameters in generated HTML code, resulting in a cross-site scripting vulnerability. This update corrects the underlying vulnerability in the i18n gem, as provided by the ruby-i18n package.

Full Story

Printed at http://lxer.com/module/newswire/view/196512/index.html