| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-3227 | 4.3 |
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.
|
08-08-2019 - 14:33 | 14-06-2007 - 23:30 | |
| CVE-2007-5379 | 5.0 |
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simp
|
31-10-2012 - 02:44 | 19-10-2007 - 23:17 | |
| CVE-2007-5380 | 6.8 |
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."
|
08-03-2011 - 03:00 | 19-10-2007 - 23:17 |