CVE-2014-0081

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.

Published: 2014-02-20 15:27
Updated: 2019-08-08 15:42

CVSS Score: 4.3 / 10
Vendor Product Version URI
Rubyonrails Ruby On Rails 0.5.0 cpe:/a:rubyonrails:ruby_on_rails:0.5.0
Rubyonrails Ruby On Rails 0.6.0 cpe:/a:rubyonrails:ruby_on_rails:0.6.0
Rubyonrails Ruby On Rails 0.6.5 cpe:/a:rubyonrails:ruby_on_rails:0.6.5
Redhat Enterprise Linux 6.0 cpe:/o:redhat:enterprise_linux:6.0
Rubyonrails Ruby On Rails 0.7.0 cpe:/a:rubyonrails:ruby_on_rails:0.7.0
Rubyonrails Ruby On Rails 3.2.14 cpe:/a:rubyonrails:ruby_on_rails:3.2.14:rc2
Rubyonrails Ruby On Rails 3.2.15 cpe:/a:rubyonrails:ruby_on_rails:3.2.15:rc1
Rubyonrails Ruby On Rails 3.2.14 cpe:/a:rubyonrails:ruby_on_rails:3.2.14:rc1
Rubyonrails Ruby On Rails 3.2.15 cpe:/a:rubyonrails:ruby_on_rails:3.2.15:rc2
Redhat Cloudforms 3.0 cpe:/a:redhat:cloudforms:3.0
Rubyonrails Ruby On Rails 0.8.5 cpe:/a:rubyonrails:ruby_on_rails:0.8.5
Opensuse Project Opensuse 12.3 cpe:/o:opensuse_project:opensuse:12.3
Rubyonrails Ruby On Rails 3.2.16 cpe:/a:rubyonrails:ruby_on_rails:3.2.16
Rubyonrails Ruby On Rails 3.2.14 cpe:/a:rubyonrails:ruby_on_rails:3.2.14
Rubyonrails Ruby On Rails 0.8.0 cpe:/a:rubyonrails:ruby_on_rails:0.8.0
Rubyonrails Ruby On Rails 0.5.7 cpe:/a:rubyonrails:ruby_on_rails:0.5.7
Rubyonrails Ruby On Rails 3.0.4 cpe:/a:rubyonrails:ruby_on_rails:3.0.4
Rubyonrails Ruby On Rails 0.9.0 cpe:/a:rubyonrails:ruby_on_rails:0.9.0
Rubyonrails Ruby On Rails 0.5.6 cpe:/a:rubyonrails:ruby_on_rails:0.5.6
Rubyonrails Ruby On Rails 0.5.5 cpe:/a:rubyonrails:ruby_on_rails:0.5.5
Opensuse Opensuse 13.1 cpe:/o:opensuse:opensuse:13.1
Rubyonrails Rails 0.9.1 cpe:/a:rubyonrails:rails:0.9.1
Rubyonrails Rails 0.9.2 cpe:/a:rubyonrails:rails:0.9.2
Rubyonrails Rails 0.9.3 cpe:/a:rubyonrails:rails:0.9.3
Rubyonrails Rails 0.9.4 cpe:/a:rubyonrails:rails:0.9.4
Rubyonrails Rails 0.9.4.1 cpe:/a:rubyonrails:rails:0.9.4.1
Rubyonrails Rails 0.10.0 cpe:/a:rubyonrails:rails:0.10.0
Rubyonrails Rails 0.10.1 cpe:/a:rubyonrails:rails:0.10.1
Rubyonrails Rails 0.11.0 cpe:/a:rubyonrails:rails:0.11.0
Rubyonrails Rails 0.11.1 cpe:/a:rubyonrails:rails:0.11.1
Rubyonrails Rails 0.12.0 cpe:/a:rubyonrails:rails:0.12.0
Rubyonrails Rails 0.12.1 cpe:/a:rubyonrails:rails:0.12.1
Rubyonrails Rails 0.13.0 cpe:/a:rubyonrails:rails:0.13.0
Rubyonrails Rails 0.13.1 cpe:/a:rubyonrails:rails:0.13.1
Rubyonrails Rails 0.14.1 cpe:/a:rubyonrails:rails:0.14.1
Rubyonrails Rails 0.14.2 cpe:/a:rubyonrails:rails:0.14.2
Rubyonrails Rails 0.14.3 cpe:/a:rubyonrails:rails:0.14.3
Rubyonrails Rails 0.14.4 cpe:/a:rubyonrails:rails:0.14.4
Rubyonrails Rails 1.0.0 cpe:/a:rubyonrails:rails:1.0.0
Rubyonrails Rails 1.1.0 cpe:/a:rubyonrails:rails:1.1.0
Rubyonrails Rails 1.1.1 cpe:/a:rubyonrails:rails:1.1.1
Rubyonrails Rails 1.1.2 cpe:/a:rubyonrails:rails:1.1.2
Rubyonrails Rails 1.1.3 cpe:/a:rubyonrails:rails:1.1.3
Rubyonrails Rails 1.1.4 cpe:/a:rubyonrails:rails:1.1.4
Rubyonrails Rails 1.1.5 cpe:/a:rubyonrails:rails:1.1.5
Rubyonrails Rails 1.1.6 cpe:/a:rubyonrails:rails:1.1.6
Rubyonrails Rails 1.2.0 cpe:/a:rubyonrails:rails:1.2.0
Rubyonrails Rails 1.2.1 cpe:/a:rubyonrails:rails:1.2.1
Rubyonrails Rails 1.2.2 cpe:/a:rubyonrails:rails:1.2.2
Rubyonrails Rails 1.2.3 cpe:/a:rubyonrails:rails:1.2.3
Rubyonrails Rails 1.2.4 cpe:/a:rubyonrails:rails:1.2.4
Rubyonrails Rails 1.2.5 cpe:/a:rubyonrails:rails:1.2.5
Rubyonrails Rails 1.2.6 cpe:/a:rubyonrails:rails:1.2.6
Rubyonrails Rails 1.9.5 cpe:/a:rubyonrails:rails:1.9.5
Rubyonrails Rails 2.0.0 cpe:/a:rubyonrails:rails:2.0.0
Rubyonrails Rails 2.0.0 cpe:/a:rubyonrails:rails:2.0.0:rc1
Rubyonrails Rails 2.0.0 cpe:/a:rubyonrails:rails:2.0.0:rc2
Rubyonrails Rails 2.0.1 cpe:/a:rubyonrails:rails:2.0.1
Rubyonrails Rails 2.0.2 cpe:/a:rubyonrails:rails:2.0.2
Rubyonrails Rails 2.0.4 cpe:/a:rubyonrails:rails:2.0.4
Rubyonrails Rails 2.1.0 cpe:/a:rubyonrails:rails:2.1.0
Rubyonrails Rails 2.1.1 cpe:/a:rubyonrails:rails:2.1.1
Rubyonrails Rails 2.1.2 cpe:/a:rubyonrails:rails:2.1.2
Rubyonrails Rails 2.2.0 cpe:/a:rubyonrails:rails:2.2.0
Rubyonrails Rails 2.2.1 cpe:/a:rubyonrails:rails:2.2.1
Rubyonrails Rails 2.2.2 cpe:/a:rubyonrails:rails:2.2.2
Rubyonrails Rails 2.3.0 cpe:/a:rubyonrails:rails:2.3.0
Rubyonrails Rails 2.3.1 cpe:/a:rubyonrails:rails:2.3.1
Rubyonrails Rails 2.3.2 cpe:/a:rubyonrails:rails:2.3.2
Rubyonrails Rails 2.3.3 cpe:/a:rubyonrails:rails:2.3.3
Rubyonrails Rails 2.3.4 cpe:/a:rubyonrails:rails:2.3.4
Rubyonrails Rails 2.3.9 cpe:/a:rubyonrails:rails:2.3.9
Rubyonrails Rails 2.3.10 cpe:/a:rubyonrails:rails:2.3.10
Rubyonrails Rails 2.3.11 cpe:/a:rubyonrails:rails:2.3.11
Rubyonrails Rails 2.3.12 cpe:/a:rubyonrails:rails:2.3.12
Rubyonrails Rails 2.3.13 cpe:/a:rubyonrails:rails:2.3.13
Rubyonrails Rails 2.3.14 cpe:/a:rubyonrails:rails:2.3.14
Rubyonrails Rails 2.3.15 cpe:/a:rubyonrails:rails:2.3.15
Rubyonrails Rails 2.3.16 cpe:/a:rubyonrails:rails:2.3.16
Rubyonrails Rails 3.0.0 cpe:/a:rubyonrails:rails:3.0.0
Rubyonrails Rails 3.0.0 cpe:/a:rubyonrails:rails:3.0.0:beta
Rubyonrails Rails 3.0.0 cpe:/a:rubyonrails:rails:3.0.0:beta2
Rubyonrails Rails 3.0.0 cpe:/a:rubyonrails:rails:3.0.0:beta3
Rubyonrails Rails 3.0.0 cpe:/a:rubyonrails:rails:3.0.0:beta4
Rubyonrails Rails 3.0.0 cpe:/a:rubyonrails:rails:3.0.0:rc
Rubyonrails Rails 3.0.0 cpe:/a:rubyonrails:rails:3.0.0:rc2
Rubyonrails Rails 3.0.1 cpe:/a:rubyonrails:rails:3.0.1
Rubyonrails Rails 3.0.1 cpe:/a:rubyonrails:rails:3.0.1:pre
Rubyonrails Rails 3.0.2 cpe:/a:rubyonrails:rails:3.0.2
Rubyonrails Rails 3.0.2 cpe:/a:rubyonrails:rails:3.0.2:pre
Rubyonrails Rails 3.0.3 cpe:/a:rubyonrails:rails:3.0.3
Rubyonrails Rails 3.0.4 cpe:/a:rubyonrails:rails:3.0.4:rc1
Rubyonrails Rails 3.0.5 cpe:/a:rubyonrails:rails:3.0.5
Rubyonrails Rails 3.0.5 cpe:/a:rubyonrails:rails:3.0.5:rc1
Rubyonrails Rails 3.0.6 cpe:/a:rubyonrails:rails:3.0.6
Rubyonrails Rails 3.0.6 cpe:/a:rubyonrails:rails:3.0.6:rc1
Rubyonrails Rails 3.0.6 cpe:/a:rubyonrails:rails:3.0.6:rc2
Rubyonrails Rails 3.0.7 cpe:/a:rubyonrails:rails:3.0.7
Rubyonrails Rails 3.0.7 cpe:/a:rubyonrails:rails:3.0.7:rc1
Rubyonrails Rails 3.0.7 cpe:/a:rubyonrails:rails:3.0.7:rc2
Rubyonrails Rails 3.0.8 cpe:/a:rubyonrails:rails:3.0.8
Rubyonrails Rails 3.0.8 cpe:/a:rubyonrails:rails:3.0.8:rc1
Rubyonrails Rails 3.0.8 cpe:/a:rubyonrails:rails:3.0.8:rc2
Rubyonrails Rails 3.0.8 cpe:/a:rubyonrails:rails:3.0.8:rc3
Rubyonrails Rails 3.0.8 cpe:/a:rubyonrails:rails:3.0.8:rc4
Rubyonrails Rails 3.0.9 cpe:/a:rubyonrails:rails:3.0.9
Rubyonrails Rails 3.0.9 cpe:/a:rubyonrails:rails:3.0.9:rc1
Rubyonrails Rails 3.0.9 cpe:/a:rubyonrails:rails:3.0.9:rc2
Rubyonrails Rails 3.0.9 cpe:/a:rubyonrails:rails:3.0.9:rc3
Rubyonrails Rails 3.0.9 cpe:/a:rubyonrails:rails:3.0.9:rc4
Rubyonrails Rails 3.0.9 cpe:/a:rubyonrails:rails:3.0.9:rc5
Rubyonrails Rails 3.0.10 cpe:/a:rubyonrails:rails:3.0.10
Rubyonrails Rails 3.0.10 cpe:/a:rubyonrails:rails:3.0.10:rc1
Rubyonrails Rails 3.0.11 cpe:/a:rubyonrails:rails:3.0.11
Rubyonrails Rails 3.0.12 cpe:/a:rubyonrails:rails:3.0.12
Rubyonrails Rails 3.0.12 cpe:/a:rubyonrails:rails:3.0.12:rc1
Rubyonrails Rails 3.0.13 cpe:/a:rubyonrails:rails:3.0.13
Rubyonrails Rails 3.0.13 cpe:/a:rubyonrails:rails:3.0.13:rc1
Rubyonrails Rails 3.0.14 cpe:/a:rubyonrails:rails:3.0.14
Rubyonrails Rails 3.0.16 cpe:/a:rubyonrails:rails:3.0.16
Rubyonrails Rails 3.0.17 cpe:/a:rubyonrails:rails:3.0.17
Rubyonrails Rails 3.0.18 cpe:/a:rubyonrails:rails:3.0.18
Rubyonrails Rails 3.0.19 cpe:/a:rubyonrails:rails:3.0.19
Rubyonrails Rails 3.0.20 cpe:/a:rubyonrails:rails:3.0.20
Rubyonrails Rails 3.1.0 cpe:/a:rubyonrails:rails:3.1.0
Rubyonrails Rails 3.1.0 cpe:/a:rubyonrails:rails:3.1.0:beta1
Rubyonrails Rails 3.1.0 cpe:/a:rubyonrails:rails:3.1.0:rc1
Rubyonrails Rails 3.1.0 cpe:/a:rubyonrails:rails:3.1.0:rc2
Rubyonrails Rails 3.1.0 cpe:/a:rubyonrails:rails:3.1.0:rc3
Rubyonrails Rails 3.1.0 cpe:/a:rubyonrails:rails:3.1.0:rc4
Rubyonrails Rails 3.1.0 cpe:/a:rubyonrails:rails:3.1.0:rc5
Rubyonrails Rails 3.1.0 cpe:/a:rubyonrails:rails:3.1.0:rc6
Rubyonrails Rails 3.1.0 cpe:/a:rubyonrails:rails:3.1.0:rc7
Rubyonrails Rails 3.1.0 cpe:/a:rubyonrails:rails:3.1.0:rc8
Rubyonrails Rails 3.1.1 cpe:/a:rubyonrails:rails:3.1.1
Rubyonrails Rails 3.1.1 cpe:/a:rubyonrails:rails:3.1.1:rc1
Rubyonrails Rails 3.1.1 cpe:/a:rubyonrails:rails:3.1.1:rc2
Rubyonrails Rails 3.1.1 cpe:/a:rubyonrails:rails:3.1.1:rc3
Rubyonrails Rails 3.1.2 cpe:/a:rubyonrails:rails:3.1.2
Rubyonrails Rails 3.1.2 cpe:/a:rubyonrails:rails:3.1.2:rc1
Rubyonrails Rails 3.1.2 cpe:/a:rubyonrails:rails:3.1.2:rc2
Rubyonrails Rails 3.1.3 cpe:/a:rubyonrails:rails:3.1.3
Rubyonrails Rails 3.1.4 cpe:/a:rubyonrails:rails:3.1.4
Rubyonrails Rails 3.1.4 cpe:/a:rubyonrails:rails:3.1.4:rc1
Rubyonrails Rails 3.1.5 cpe:/a:rubyonrails:rails:3.1.5
Rubyonrails Rails 3.1.5 cpe:/a:rubyonrails:rails:3.1.5:rc1
Rubyonrails Rails 3.1.6 cpe:/a:rubyonrails:rails:3.1.6
Rubyonrails Rails 3.1.7 cpe:/a:rubyonrails:rails:3.1.7
Rubyonrails Rails 3.1.8 cpe:/a:rubyonrails:rails:3.1.8
Rubyonrails Rails 3.1.9 cpe:/a:rubyonrails:rails:3.1.9
Rubyonrails Rails 3.1.10 cpe:/a:rubyonrails:rails:3.1.10
Rubyonrails Rails 3.2.0 cpe:/a:rubyonrails:rails:3.2.0
Rubyonrails Rails 3.2.0 cpe:/a:rubyonrails:rails:3.2.0:rc1
Rubyonrails Rails 3.2.0 cpe:/a:rubyonrails:rails:3.2.0:rc2
Rubyonrails Rails 3.2.1 cpe:/a:rubyonrails:rails:3.2.1
Rubyonrails Rails 3.2.2 cpe:/a:rubyonrails:rails:3.2.2
Rubyonrails Rails 3.2.2 cpe:/a:rubyonrails:rails:3.2.2:rc1
Rubyonrails Rails 3.2.3 cpe:/a:rubyonrails:rails:3.2.3
Rubyonrails Rails 3.2.3 cpe:/a:rubyonrails:rails:3.2.3:rc1
Rubyonrails Rails 3.2.3 cpe:/a:rubyonrails:rails:3.2.3:rc2
Rubyonrails Rails 3.2.4 cpe:/a:rubyonrails:rails:3.2.4
Rubyonrails Rails 3.2.4 cpe:/a:rubyonrails:rails:3.2.4:rc1
Rubyonrails Rails 3.2.5 cpe:/a:rubyonrails:rails:3.2.5
Rubyonrails Rails 3.2.6 cpe:/a:rubyonrails:rails:3.2.6
Rubyonrails Rails 3.2.7 cpe:/a:rubyonrails:rails:3.2.7
Rubyonrails Rails 3.2.8 cpe:/a:rubyonrails:rails:3.2.8
Rubyonrails Rails 3.2.9 cpe:/a:rubyonrails:rails:3.2.9
Rubyonrails Rails 3.2.10 cpe:/a:rubyonrails:rails:3.2.10
Rubyonrails Rails 3.2.11 cpe:/a:rubyonrails:rails:3.2.11
Rubyonrails Rails 3.2.12 cpe:/a:rubyonrails:rails:3.2.12
Rubyonrails Rails 3.2.13 cpe:/a:rubyonrails:rails:3.2.13
Rubyonrails Rails 3.2.13 cpe:/a:rubyonrails:rails:3.2.13:rc1
Rubyonrails Rails 3.2.13 cpe:/a:rubyonrails:rails:3.2.13:rc2
Rubyonrails Rails 3.2.15 cpe:/a:rubyonrails:rails:3.2.15
Rubyonrails Rails 3.2.15 cpe:/a:rubyonrails:rails:3.2.15:rc3
Rubyonrails Rails 4.0.0 cpe:/a:rubyonrails:rails:4.0.0:-
Rubyonrails Rails 4.0.0 cpe:/a:rubyonrails:rails:4.0.0:beta
Rubyonrails Rails 4.0.0 cpe:/a:rubyonrails:rails:4.0.0:rc1
Rubyonrails Rails 4.0.0 cpe:/a:rubyonrails:rails:4.0.0:rc2
Rubyonrails Rails 4.0.1 cpe:/a:rubyonrails:rails:4.0.1:-
Rubyonrails Rails 4.0.1 cpe:/a:rubyonrails:rails:4.0.1:rc1
Rubyonrails Rails 4.0.1 cpe:/a:rubyonrails:rails:4.0.1:rc2
Rubyonrails Rails 4.0.1 cpe:/a:rubyonrails:rails:4.0.1:rc3
Rubyonrails Rails 4.0.1 cpe:/a:rubyonrails:rails:4.0.1:rc4
Rubyonrails Rails 4.0.2 cpe:/a:rubyonrails:rails:4.0.2
Rubyonrails Rails 4.1.0 cpe:/a:rubyonrails:rails:4.1.0:beta1

CWE

ID: CWE-79
Name: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

History of changes

Date Event
2019-08-08 15:42
2018-10-30 16:27
2014-02-20 15:27

New CVE