Project's rails & i18n gem versions are vulnerable to cross-site scripting (XSS) RB-A1007

The internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem. Upgrading to newer versions of Rails & i18n gem can help fix this issue.

References

1. CVE-2013-4491 - Rails Security Group
2. CVE-2013-4491 - GitHub Advisory Database
3. OWASP Top 10 - A7 - Cross Site Scripting (XSS)
4. OWASP Top 10 - A9 - Using Components With Known Vulnerabilities