CVE-2013-6415 (Cross-site scripting (XSS) vulnerability in Ruby on Rails)

  • Posted December 26, 2013

  • Assessed Risk Level: Medium

An XSS vulnerability in the number_to_currrency helper allows remote attackers to add web script or HTML via the unit parameter.


  • Resolved in Puppet Enterprise 2.8.4 and 3.1.1
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.