There is an XSS vulnerability in the `sanitize_css` method in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2013-1855.
There is an XSS vulnerability in the sanitize helper in Ruby on Rails. This vulnerability has been assigned the CVE identifier CVE-2013-1857.
There is a vulnerability in the JDOM backend to ActiveSupport's XML parser. This could allow an attacker to perform a denial of service attack or gain access to files stored on the application server. This vulnerability has been assigned the CVE identifier CVE-2013-1856.