CVE-2013-6415

Overview

CVE-2013-6415 (Cross-site scripting (XSS) vulnerability in Ruby on Rails)

  • Posted December 26, 2013

  • Assessed Risk Level: Medium

An XSS vulnerability in the number_to_currrency helper allows remote attackers to add web script or HTML via the unit parameter.

Status

  • Resolved in Puppet Enterprise 2.8.4 and 3.1.1