Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-dh5x-wb2a-1ufj
Vulnerability ID VCID-dh5x-wb2a-1ufj
Aliases CVE-2013-6459
GHSA-8r6h-7x9g-xmw9
OSV-101138
Summary XSS vulnerabiliy in generated pagination links The package will_paginate generate pagination links without escaping result. If user-controlled data is sent to will_paginate, there is a potential XSS vulnerability.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2018:0336
cvssv3 4.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6459.json
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2013-6459
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2013-6459
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2013-6459
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2013-6459
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2013-6459
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2013-6459
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2013-6459
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2013-6459
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2013-6459
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2013-6459
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2013-6459
epss 0.00361 https://api.first.org/data/v1/epss?cve=CVE-2013-6459
epss 0.00361 https://api.first.org/data/v1/epss?cve=CVE-2013-6459
epss 0.00361 https://api.first.org/data/v1/epss?cve=CVE-2013-6459
epss 0.00361 https://api.first.org/data/v1/epss?cve=CVE-2013-6459
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-8r6h-7x9g-xmw9
generic_textual MODERATE https://github.com/mislav/will_paginate
generic_textual MODERATE https://github.com/mislav/will_paginate/releases/tag/v3.0.5
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2013-6459
generic_textual MODERATE https://web.archive.org/web/20150709163604/http://www.securityfocus.com/bid/64509
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2018:0336
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6459.json
https://api.first.org/data/v1/epss?cve=CVE-2013-6459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6459
https://github.com/mislav/will_paginate
https://github.com/mislav/will_paginate/releases/tag/v3.0.5
https://groups.google.com/forum/#!topic/will_paginate/Dguinf-5Sbw
https://nvd.nist.gov/vuln/detail/CVE-2013-6459
https://web.archive.org/web/20150709163604/http://www.securityfocus.com/bid/64509
1046642 https://bugzilla.redhat.com/show_bug.cgi?id=1046642
733209 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733209
GHSA-8r6h-7x9g-xmw9 https://github.com/advisories/GHSA-8r6h-7x9g-xmw9
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6459.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.49089
EPSS Score 0.00257
Published At April 8, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:46:51.126512+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/will_paginate/CVE-2013-6459.yml 38.0.0