Lucene search

[email protected]CVE-2012-3464

HistoryAug 10, 2012 - 10:34 a.m.

CVE-2012-3464

2012-08-1010:34:47

CWE-79

[email protected]

web.nvd.nist.gov

cve

2012

3464

xss

vulnerability

ruby on rails

remote attackers

web script

html

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.4%

JSON

Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ’ (quote) character.

Affected configurations

NVD

Node

rubyonrailsrailsMatch0.9.1

rubyonrailsrailsMatch0.9.2

rubyonrailsrailsMatch0.9.3

rubyonrailsrailsMatch0.9.4

rubyonrailsrailsMatch0.9.4.1

rubyonrailsrailsMatch0.10.0

rubyonrailsrailsMatch0.10.1

rubyonrailsrailsMatch0.11.0

rubyonrailsrailsMatch0.11.1

rubyonrailsrailsMatch0.12.0

rubyonrailsrailsMatch0.12.1

rubyonrailsrailsMatch0.13.0

rubyonrailsrailsMatch0.13.1

rubyonrailsrailsMatch0.14.1

rubyonrailsrailsMatch0.14.2

rubyonrailsrailsMatch0.14.3

rubyonrailsrailsMatch0.14.4

rubyonrailsrailsMatch1.0.0

rubyonrailsrailsMatch1.1.0

rubyonrailsrailsMatch1.1.1

rubyonrailsrailsMatch1.1.2

rubyonrailsrailsMatch1.1.3

rubyonrailsrailsMatch1.1.4

rubyonrailsrailsMatch1.1.5

rubyonrailsrailsMatch1.1.6

rubyonrailsrailsMatch1.2.0

rubyonrailsrailsMatch1.2.1

rubyonrailsrailsMatch1.2.2

rubyonrailsrailsMatch1.2.3

rubyonrailsrailsMatch1.2.4

rubyonrailsrailsMatch1.2.5

rubyonrailsrailsMatch1.2.6

rubyonrailsrailsMatch1.9.5

rubyonrailsrailsMatch2.0.0

rubyonrailsrailsMatch2.0.0rc1

rubyonrailsrailsMatch2.0.0rc2

rubyonrailsrailsMatch2.0.1

rubyonrailsrailsMatch2.0.2

rubyonrailsrailsMatch2.0.4

rubyonrailsrailsMatch2.1.0

rubyonrailsrailsMatch2.1.1

rubyonrailsrailsMatch2.1.2

rubyonrailsrailsMatch2.2.0

rubyonrailsrailsMatch2.2.1

rubyonrailsrailsMatch2.2.2

rubyonrailsrailsMatch2.3.2

rubyonrailsrailsMatch2.3.3

rubyonrailsrailsMatch2.3.4

rubyonrailsrailsMatch2.3.9

rubyonrailsrailsMatch2.3.10

rubyonrailsrailsMatch2.3.11

rubyonrailsrailsMatch2.3.12

rubyonrailsrailsMatch3.0.0

rubyonrailsrailsMatch3.0.0beta

rubyonrailsrailsMatch3.0.0beta2

rubyonrailsrailsMatch3.0.0beta3

rubyonrailsrailsMatch3.0.0beta4

rubyonrailsrailsMatch3.0.0rc

rubyonrailsrailsMatch3.0.0rc2

rubyonrailsrailsMatch3.0.1

rubyonrailsrailsMatch3.0.1pre

rubyonrailsrailsMatch3.0.2

rubyonrailsrailsMatch3.0.2pre

rubyonrailsrailsMatch3.0.3

rubyonrailsrailsMatch3.0.4rc1

rubyonrailsrailsMatch3.0.5

rubyonrailsrailsMatch3.0.5rc1

rubyonrailsrailsMatch3.0.6

rubyonrailsrailsMatch3.0.6rc1

rubyonrailsrailsMatch3.0.6rc2

rubyonrailsrailsMatch3.0.7

rubyonrailsrailsMatch3.0.7rc1

rubyonrailsrailsMatch3.0.7rc2

rubyonrailsrailsMatch3.0.8

rubyonrailsrailsMatch3.0.8rc1

rubyonrailsrailsMatch3.0.8rc2

rubyonrailsrailsMatch3.0.8rc3

rubyonrailsrailsMatch3.0.8rc4

rubyonrailsrailsMatch3.0.9

rubyonrailsrailsMatch3.0.9rc1

rubyonrailsrailsMatch3.0.9rc2

rubyonrailsrailsMatch3.0.9rc3

rubyonrailsrailsMatch3.0.9rc4

rubyonrailsrailsMatch3.0.9rc5

rubyonrailsrailsMatch3.0.10

rubyonrailsrailsMatch3.0.10rc1

rubyonrailsrailsMatch3.0.11

rubyonrailsrailsMatch3.0.12

rubyonrailsrailsMatch3.0.12rc1

rubyonrailsrailsMatch3.0.13

rubyonrailsrailsMatch3.0.13rc1

rubyonrailsrailsMatch3.0.14

rubyonrailsruby_on_railsRange≤3.0.16

rubyonrailsruby_on_railsMatch0.5.0

rubyonrailsruby_on_railsMatch0.5.5

rubyonrailsruby_on_railsMatch0.5.6

rubyonrailsruby_on_railsMatch0.5.7

rubyonrailsruby_on_railsMatch0.6.0

rubyonrailsruby_on_railsMatch0.6.5

rubyonrailsruby_on_railsMatch0.7.0

rubyonrailsruby_on_railsMatch0.8.0

rubyonrailsruby_on_railsMatch0.8.5

rubyonrailsruby_on_railsMatch0.9.0

rubyonrailsruby_on_railsMatch3.0.4

Node

rubyonrailsrailsMatch3.1.0

rubyonrailsrailsMatch3.1.0beta1

rubyonrailsrailsMatch3.1.0rc1

rubyonrailsrailsMatch3.1.0rc2

rubyonrailsrailsMatch3.1.0rc3

rubyonrailsrailsMatch3.1.0rc4

rubyonrailsrailsMatch3.1.0rc5

rubyonrailsrailsMatch3.1.0rc6

rubyonrailsrailsMatch3.1.0rc7

rubyonrailsrailsMatch3.1.0rc8

rubyonrailsrailsMatch3.1.1

rubyonrailsrailsMatch3.1.1rc1

rubyonrailsrailsMatch3.1.1rc2

rubyonrailsrailsMatch3.1.1rc3

rubyonrailsrailsMatch3.1.2

rubyonrailsrailsMatch3.1.2rc1

rubyonrailsrailsMatch3.1.2rc2

rubyonrailsrailsMatch3.1.3

rubyonrailsrailsMatch3.1.4

rubyonrailsrailsMatch3.1.4rc1

rubyonrailsrailsMatch3.1.5

rubyonrailsrailsMatch3.1.5rc1

rubyonrailsrailsMatch3.1.6

rubyonrailsrailsMatch3.1.7

Node

rubyonrailsrailsMatch3.2.0

rubyonrailsrailsMatch3.2.0rc1

rubyonrailsrailsMatch3.2.0rc2

rubyonrailsrailsMatch3.2.1

rubyonrailsrailsMatch3.2.2

rubyonrailsrailsMatch3.2.2rc1

rubyonrailsrailsMatch3.2.3

rubyonrailsrailsMatch3.2.3rc1

rubyonrailsrailsMatch3.2.3rc2

rubyonrailsrailsMatch3.2.4

rubyonrailsrailsMatch3.2.4rc1

rubyonrailsrailsMatch3.2.5

rubyonrailsrailsMatch3.2.6

rubyonrailsrailsMatch3.2.7

CPENameOperatorVersion
rubyonrails:railsrubyonrails railseq0.9.1
rubyonrails:railsrubyonrails railseq0.9.2
rubyonrails:railsrubyonrails railseq0.9.3
rubyonrails:railsrubyonrails railseq0.9.4
rubyonrails:railsrubyonrails railseq0.9.4.1
rubyonrails:railsrubyonrails railseq0.10.0
rubyonrails:railsrubyonrails railseq0.10.1
rubyonrails:railsrubyonrails railseq0.11.0
rubyonrails:railsrubyonrails railseq0.11.1
rubyonrails:railsrubyonrails railseq0.12.0

CPE	Name	Operator	Version
rubyonrails:rails	rubyonrails rails	eq	0.9.1
rubyonrails:rails	rubyonrails rails	eq	0.9.2
rubyonrails:rails	rubyonrails rails	eq	0.9.3
rubyonrails:rails	rubyonrails rails	eq	0.9.4
rubyonrails:rails	rubyonrails rails	eq	0.9.4.1
rubyonrails:rails	rubyonrails rails	eq	0.10.0
rubyonrails:rails	rubyonrails rails	eq	0.10.1
rubyonrails:rails	rubyonrails rails	eq	0.11.0
rubyonrails:rails	rubyonrails rails	eq	0.11.1
rubyonrails:rails	rubyonrails rails	eq	0.12.0