Ben Toews

**Name of the Vulnerable Software and Affected Versions** jquery-rails versions 3.1.3 and earlier, jquery-rails versions 4.x prior to 4.0.4 jquery-ujs versions 1.0.4 and earlier **Description** The issue allows remote attackers to bypass the Same Origin Policy and trigger transmission of a CSRF token to a different-domain web server. This is achieved via a leading space character in a URL within an attribute value. **Recommendations** For jquery-rails versions 3.1.3 and earlier, update to version 3.1.3 or later. For jquery-rails versions 4.x prior to 4.0.4, update to version 4.0.4 or later. For jquery-ujs versions 1.0.4 and earlier, update to version 1.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 7 **Description** The issue concerns the history-clearing feature in Safari, which does not properly clear the back/forward history of an open tab. This allows physically proximate attackers to obtain sensitive information by accessing an unattended workstation. **Recommendations** For versions prior to 7, consider manually clearing the browser history after each use to minimize the risk of sensitive information exposure.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 7 **Description** The issue allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file, due to the failure to prevent HTML interpretation of a document served with a text/plain content type. **Recommendations** For versions prior to 7, update to version 7 or later to resolve the issue.