Vulnerability details: VCID-5hqj-fxmk-cbcy
Vulnerability ID VCID-5hqj-fxmk-cbcy
Aliases CVE-2013-6415
GHSA-6h5q-96hp-9jgm
OSV-100524
Summary: XSS Vulnerability in number_to_currency. The number_to_currency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Applications that pass user-controlled data as the unit parameter are vulnerable to an XSS attack.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1794.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0008.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-1863.html
epss 0.01506 https://api.first.org/data/v1/epss?cve=CVE-2013-6415
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-6h5q-96hp-9jgm
generic_textual MODERATE https://github.com/advisories/GHSA-6h5q-96hp-9jgm
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml
generic_textual MODERATE https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ
generic_textual MODERATE https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2013-6415
generic_textual MODERATE https://puppet.com/security/cve/cve-2013-6415
generic_textual MODERATE https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077
generic_textual MODERATE http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
generic_textual MODERATE http://www.debian.org/security/2014/dsa-2888
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-1794.html
http://rhn.redhat.com/errata/RHSA-2014-0008.html
http://rhn.redhat.com/errata/RHSA-2014-1863.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json
https://api.first.org/data/v1/epss?cve=CVE-2013-6415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
http://seclists.org/oss-sec/2013/q4/402
https://github.com/advisories/GHSA-6h5q-96hp-9jgm
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ
https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0
https://nvd.nist.gov/vuln/detail/CVE-2013-6415
https://puppet.com/security/cve/cve-2013-6415
https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077
http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
http://www.debian.org/security/2014/dsa-2888
1036910 https://bugzilla.redhat.com/show_bug.cgi?id=1036910
RHSA-2013:1794 https://access.redhat.com/errata/RHSA-2013:1794
RHSA-2014:0008 https://access.redhat.com/errata/RHSA-2014:0008
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.81107
EPSS Score 0.01506
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:46:50.799166+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2013-6415.yml 38.0.0