10 May 2012
Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behaviour of a web application in a user's browser, without compromising the underlying system.
Different Cross-Site Scripting related vulnerabilities are also classified under this category, including "script insertion" and "cross-site request forgery".
Cross-Site Scripting vulnerabilities are often used against specific users of a website to steal their credentials or to conduct spoofing attacks.
Debian has issued an update for rails. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
For more information see vulnerability #2 in:
Apply updated packages via the apt-get package manager.