CVE-2014-0081
- Source
- https://cve.org/CVERecord?id=CVE-2014-0081
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2014-0081.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2014-0081
- Aliases
- Downstream
- Published
- 2014-02-20T15:27:09Z
- Modified
- 2026-04-16T06:25:36.962863188Z
- Summary
- [none]
- Details
-
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negativeformat, or (3) units parameter to the (a) numbertocurrency, (b) numbertopercentage, or (c) numberto_human helper.
- References
-
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html
- http://openwall.com/lists/oss-security/2014/02/18/8
- http://rhn.redhat.com/errata/RHSA-2014-0215.html
- http://rhn.redhat.com/errata/RHSA-2014-0306.html
- http://www.securityfocus.com/bid/65647
- http://www.securitytracker.com/id/1029782
- https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ
- http://secunia.com/advisories/57376