PT-2012-3082 · Ruby · Ruby On Rails
Jan Lieskovsky
·
Publicado
2012-03-13
·
Atualizado
2019-08-08
·
CVE-2012-1099
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Ruby on Rails versions 3.0.x through 3.0.11
Ruby on Rails versions 3.1.x through 3.1.3
Ruby on Rails versions 3.2.x through 3.2.1
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements. This is due to a vulnerability in the select helper in actionpack/lib/action view/helpers/form options helper.rb.
Recommendations
For Ruby on Rails versions 3.0.x through 3.0.11, update to version 3.0.12 or later.
For Ruby on Rails versions 3.1.x through 3.1.3, update to version 3.1.4 or later.
For Ruby on Rails versions 3.2.x through 3.2.1, update to version 3.2.2 or later.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ruby On Rails