{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T22:19:12.415","vulnerabilities":[{"cve":{"id":"CVE-2013-4492","sourceIdentifier":"secalert@redhat.com","published":"2013-12-07T00:55:03.663","lastModified":"2025-04-11T00:51:21.963","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call."},{"lang":"es","value":"Vulnerabilidad XSS en exceptions.rb en la gema i18n anterior a v0.6.6 para Ruby permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a través una llamada manipulada I18n::MissingTranslationData.new."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:i18n_project:i18n:*:*:*:*:*:ruby:*:*","versionEndIncluding":"0.6.5","matchCriteriaId":"84799DFB-FD17-41B2-B8FB-41C86EE3634A"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html","source":"secalert@redhat.com"},{"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.debian.org/security/2013/dsa-2830","source":"secalert@redhat.com"},{"url":"http://www.securityfocus.com/bid/64076","source":"secalert@redhat.com"},{"url":"https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445","source":"secalert@redhat.com"},{"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ","source":"secalert@redhat.com"},{"url":"http://lists.opensuse.org/opensuse-updates/2013-12/msg00093.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.debian.org/security/2013/dsa-2830","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/64076","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}