Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-D347132DB342741439133B1375910CCBHistoryAug 10, 2012 - 12:00 a.m.
XSS Vulnerability in strip_tags
2012-08-1000:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
20
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
60.4%
There is an XSS vulnerability in the strip_tags helper in Ruby on Rails, the helper does not correctly handle malformed html. As a result, an attacker can execute arbitrary javascript through the use of specially crafted malformed html. All users who rely on strip_tags for XSS protection should upgrade or use the work around immediately.
Affected configurations
Node
gemactionpackRange<3.0.17
ORgemactionpackRange3.1.0≥
ORgemactionpackRange<3.1.8
ORgemactionpackRange3.2.0≥
ORgemactionpackRange<3.2.8
| CPE | Name | Operator | Version |
|---|---|---|---|
| gem/actionpack | lt | 3.0.17 | |
| gem/actionpack | ge | 3.1.0 | |
| gem/actionpack | lt | 3.1.8 | |
| gem/actionpack | ge | 3.2.0 | |
| gem/actionpack | lt | 3.2.8 |
Related
nvd
nvd
CVE-2012-3465
2012-08-10 10:34:47
debiancve
debiancve
CVE-2012-3465
2012-08-10 10:34:47
prion
prion
Cross site scripting
2012-08-10 10:34:00
osv
osv
actionpack Cross-site Scripting vulnerability
2017-10-24 18:33:37
cvelist
cvelist
CVE-2012-3465
2012-08-10 10:00:00
github
github
actionpack Cross-site Scripting vulnerability
2017-10-24 18:33:37
cve
cve
CVE-2012-3465
2012-08-10 10:34:47
seebug
seebug
Ruby on Rails 'strip_tags()'跨站脚本执行漏洞
2012-08-13 00:00:00
ubuntucve
ubuntucve
CVE-2012-3465
2012-08-10 00:00:00
rubygems
rubygems
CVE-2012-3465 rubygem-actionpack: XSS Vulnerability in strip_tags
2012-08-08 20:00:00
nessus
nessus
openvas
openvas
FreeBSD Ports: rubygem-rails
2012-08-10 00:00:00
FreeBSD Ports: rubygem-rails
2012-08-10 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2012-11885
2012-08-30 00:00:00
freebsd
freebsd
rubygem-rails -- multiple vulnerabilities
2012-08-08 00:00:00
debian
debian
[SECURITY] [DSA 2655-1] rails security update
2013-03-28 16:15:56
fedora
fedora
[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-7.fc17
2012-08-22 21:11:17
[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-8.fc17
2013-01-23 01:53:38
[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-9.fc16
2012-08-22 20:58:55
redhat
redhat
(RHSA-2013:0154) Critical: Ruby on Rails security update
2013-01-10 20:37:00
(RHSA-2013:0582) Moderate: Red Hat OpenShift Enterprise 1.1.1 update
2013-02-28 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
60.4%
Related for GITLAB-D347132DB342741439133B1375910CCB