CVE-2013-6459
will_paginate < 3.0.5 - Cross-Site Scripting via Pagination Links
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links.
References (4)
Core 4
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56180
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0336
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/64509
Patch, Vendor Advisory x_refsource_confirm
https://github.com/mislav/will_paginate/releases/tag/v3.0.5
Scores
EPSS
0.0026
EPSS Percentile
49.1%
Details
CWE
CWE-79
Status
published
Products (6)
mislav_marohnic/will_paginate
3.0
mislav_marohnic/will_paginate
3.0.1
mislav_marohnic/will_paginate
3.0.2
mislav_marohnic/will_paginate
3.0.3
mislav_marohnic/will_paginate
< 3.0.4
rubygems/will_paginate
0 - 3.0.5RubyGems
Published
Dec 31, 2013
Tracked Since
Feb 18, 2026