Lucene search
HistoryAug 10, 2012 - 10:34 a.m.
CVE-2012-3465
cve
2012
3465
cross-site scripting
xss
vulnerability
ruby on rails
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.5 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.4%
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.
Affected configurations
Node
rubyonrailsrailsMatch0.9.1
ORrubyonrailsrailsMatch0.9.2
ORrubyonrailsrailsMatch0.9.3
ORrubyonrailsrailsMatch0.9.4
ORrubyonrailsrailsMatch0.9.4.1
ORrubyonrailsrailsMatch0.10.0
ORrubyonrailsrailsMatch0.10.1
ORrubyonrailsrailsMatch0.11.0
ORrubyonrailsrailsMatch0.11.1
ORrubyonrailsrailsMatch0.12.0
ORrubyonrailsrailsMatch0.12.1
ORrubyonrailsrailsMatch0.13.0
ORrubyonrailsrailsMatch0.13.1
ORrubyonrailsrailsMatch0.14.1
ORrubyonrailsrailsMatch0.14.2
ORrubyonrailsrailsMatch0.14.3
ORrubyonrailsrailsMatch0.14.4
ORrubyonrailsrailsMatch1.0.0
ORrubyonrailsrailsMatch1.1.0
ORrubyonrailsrailsMatch1.1.1
ORrubyonrailsrailsMatch1.1.2
ORrubyonrailsrailsMatch1.1.3
ORrubyonrailsrailsMatch1.1.4
ORrubyonrailsrailsMatch1.1.5
ORrubyonrailsrailsMatch1.1.6
ORrubyonrailsrailsMatch1.2.0
ORrubyonrailsrailsMatch1.2.1
ORrubyonrailsrailsMatch1.2.2
ORrubyonrailsrailsMatch1.2.3
ORrubyonrailsrailsMatch1.2.4
ORrubyonrailsrailsMatch1.2.5
ORrubyonrailsrailsMatch1.2.6
ORrubyonrailsrailsMatch1.9.5
ORrubyonrailsrailsMatch2.0.0
ORrubyonrailsrailsMatch2.0.0rc1
ORrubyonrailsrailsMatch2.0.0rc2
ORrubyonrailsrailsMatch2.0.1
ORrubyonrailsrailsMatch2.0.2
ORrubyonrailsrailsMatch2.0.4
ORrubyonrailsrailsMatch2.1.0
ORrubyonrailsrailsMatch2.1.1
ORrubyonrailsrailsMatch2.1.2
ORrubyonrailsrailsMatch2.2.0
ORrubyonrailsrailsMatch2.2.1
ORrubyonrailsrailsMatch2.2.2
ORrubyonrailsrailsMatch2.3.2
ORrubyonrailsrailsMatch2.3.3
ORrubyonrailsrailsMatch2.3.4
ORrubyonrailsrailsMatch2.3.9
ORrubyonrailsrailsMatch2.3.10
ORrubyonrailsrailsMatch2.3.11
ORrubyonrailsrailsMatch2.3.12
ORrubyonrailsrailsMatch3.0.0
ORrubyonrailsrailsMatch3.0.0beta
ORrubyonrailsrailsMatch3.0.0beta2
ORrubyonrailsrailsMatch3.0.0beta3
ORrubyonrailsrailsMatch3.0.0beta4
ORrubyonrailsrailsMatch3.0.0rc
ORrubyonrailsrailsMatch3.0.0rc2
ORrubyonrailsrailsMatch3.0.1
ORrubyonrailsrailsMatch3.0.1pre
ORrubyonrailsrailsMatch3.0.2
ORrubyonrailsrailsMatch3.0.2pre
ORrubyonrailsrailsMatch3.0.3
ORrubyonrailsrailsMatch3.0.4rc1
ORrubyonrailsrailsMatch3.0.5
ORrubyonrailsrailsMatch3.0.5rc1
ORrubyonrailsrailsMatch3.0.6
ORrubyonrailsrailsMatch3.0.6rc1
ORrubyonrailsrailsMatch3.0.6rc2
ORrubyonrailsrailsMatch3.0.7
ORrubyonrailsrailsMatch3.0.7rc1
ORrubyonrailsrailsMatch3.0.7rc2
ORrubyonrailsrailsMatch3.0.8
ORrubyonrailsrailsMatch3.0.8rc1
ORrubyonrailsrailsMatch3.0.8rc2
ORrubyonrailsrailsMatch3.0.8rc3
ORrubyonrailsrailsMatch3.0.8rc4
ORrubyonrailsrailsMatch3.0.9
ORrubyonrailsrailsMatch3.0.9rc1
ORrubyonrailsrailsMatch3.0.9rc2
ORrubyonrailsrailsMatch3.0.9rc3
ORrubyonrailsrailsMatch3.0.9rc4
ORrubyonrailsrailsMatch3.0.9rc5
ORrubyonrailsrailsMatch3.0.10
ORrubyonrailsrailsMatch3.0.10rc1
ORrubyonrailsrailsMatch3.0.11
ORrubyonrailsrailsMatch3.0.12
ORrubyonrailsrailsMatch3.0.12rc1
ORrubyonrailsrailsMatch3.0.13
ORrubyonrailsrailsMatch3.0.13rc1
ORrubyonrailsrailsMatch3.0.14
ORrubyonrailsruby_on_railsRange≤3.0.16
ORrubyonrailsruby_on_railsMatch0.5.0
ORrubyonrailsruby_on_railsMatch0.5.5
ORrubyonrailsruby_on_railsMatch0.5.6
ORrubyonrailsruby_on_railsMatch0.5.7
ORrubyonrailsruby_on_railsMatch0.6.0
ORrubyonrailsruby_on_railsMatch0.6.5
ORrubyonrailsruby_on_railsMatch0.7.0
ORrubyonrailsruby_on_railsMatch0.8.0
ORrubyonrailsruby_on_railsMatch0.8.5
ORrubyonrailsruby_on_railsMatch0.9.0
ORrubyonrailsruby_on_railsMatch3.0.4
Node
rubyonrailsrailsMatch3.1.0
ORrubyonrailsrailsMatch3.1.0beta1
ORrubyonrailsrailsMatch3.1.0rc1
ORrubyonrailsrailsMatch3.1.0rc2
ORrubyonrailsrailsMatch3.1.0rc3
ORrubyonrailsrailsMatch3.1.0rc4
ORrubyonrailsrailsMatch3.1.0rc5
ORrubyonrailsrailsMatch3.1.0rc6
ORrubyonrailsrailsMatch3.1.0rc7
ORrubyonrailsrailsMatch3.1.0rc8
ORrubyonrailsrailsMatch3.1.1
ORrubyonrailsrailsMatch3.1.1rc1
ORrubyonrailsrailsMatch3.1.1rc2
ORrubyonrailsrailsMatch3.1.1rc3
ORrubyonrailsrailsMatch3.1.2
ORrubyonrailsrailsMatch3.1.2rc1
ORrubyonrailsrailsMatch3.1.2rc2
ORrubyonrailsrailsMatch3.1.3
ORrubyonrailsrailsMatch3.1.4
ORrubyonrailsrailsMatch3.1.4rc1
ORrubyonrailsrailsMatch3.1.5
ORrubyonrailsrailsMatch3.1.5rc1
ORrubyonrailsrailsMatch3.1.6
ORrubyonrailsrailsMatch3.1.7
Node
rubyonrailsrailsMatch3.2.0
ORrubyonrailsrailsMatch3.2.0rc1
ORrubyonrailsrailsMatch3.2.0rc2
ORrubyonrailsrailsMatch3.2.1
ORrubyonrailsrailsMatch3.2.2
ORrubyonrailsrailsMatch3.2.2rc1
ORrubyonrailsrailsMatch3.2.3
ORrubyonrailsrailsMatch3.2.3rc1
ORrubyonrailsrailsMatch3.2.3rc2
ORrubyonrailsrailsMatch3.2.4
ORrubyonrailsrailsMatch3.2.4rc1
ORrubyonrailsrailsMatch3.2.5
ORrubyonrailsrailsMatch3.2.6
ORrubyonrailsrailsMatch3.2.7
Related
ubuntucve
ubuntucve
CVE-2012-3465
2012-08-10 00:00:00
seebug
seebug
Ruby on Rails 'strip_tags()'跨站脚本执行漏洞
2012-08-13 00:00:00
gitlab
gitlab
XSS Vulnerability in strip_tags
2012-08-10 00:00:00
osv
osv
actionpack Cross-site Scripting vulnerability
2017-10-24 18:33:37
prion
prion
Cross site scripting
2012-08-10 10:34:00
debiancve
debiancve
CVE-2012-3465
2012-08-10 10:34:47
nvd
nvd
CVE-2012-3465
2012-08-10 10:34:47
cvelist
cvelist
CVE-2012-3465
2012-08-10 10:00:00
github
github
actionpack Cross-site Scripting vulnerability
2017-10-24 18:33:37
rubygems
rubygems
CVE-2012-3465 rubygem-actionpack: XSS Vulnerability in strip_tags
2012-08-08 20:00:00
nessus
nessus
openSUSE Security Update : rubygem-actionpack-2_3 / rubygem-activesupport-2_3 (openSUSE-SU-2012:1218-1)
2014-06-13 00:00:00
Fedora 17 : rubygem-actionpack-3.0.11-7.fc17 (2012-11885)
2012-08-23 00:00:00
Fedora 16 : rubygem-actionpack-3.0.10-9.fc16 (2012-11870)
2012-08-23 00:00:00
openvas
openvas
FreeBSD Ports: rubygem-rails
2012-08-10 00:00:00
FreeBSD Ports: rubygem-rails
2012-08-10 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2012-11885
2012-08-30 00:00:00
freebsd
freebsd
rubygem-rails -- multiple vulnerabilities
2012-08-08 00:00:00
debian
debian
[SECURITY] [DSA 2655-1] rails security update
2013-03-28 16:15:56
fedora
fedora
[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-7.fc17
2012-08-22 21:11:17
[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-8.fc17
2013-01-23 01:53:38
[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-9.fc16
2012-08-22 20:58:55
redhat
redhat
(RHSA-2013:0154) Critical: Ruby on Rails security update
2013-01-10 20:37:00
(RHSA-2013:0582) Moderate: Red Hat OpenShift Enterprise 1.1.1 update
2013-02-28 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.5 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.4%
Related for CVE-2012-3465