actionpack Cross-site Scripting vulnerability

2017-10-2418:33:37

Google

osv.dev

0.002 Low

EPSS

Percentile

60.4%

JSON

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.

CPENameOperatorVersion
actionpackeq3.1.1.rc1
actionpackeq3.2.6
actionpackeq2.0.5
actionpackeq3.0.12
actionpackeq2.3.12
actionpackeq0.9.0
actionpackeq3.0.14
actionpackeq3.2.8.rc1
actionpackeq3.0.10.rc1
actionpackeq3.1.2.rc2

Name	Operator	Version
actionpack	eq	3.1.1.rc1
actionpack	eq	3.2.6
actionpack	eq	2.0.5
actionpack	eq	3.0.12
actionpack	eq	2.3.12
actionpack	eq	0.9.0
actionpack	eq	3.0.14
actionpack	eq	3.2.8.rc1
actionpack	eq	3.0.10.rc1
actionpack	eq	3.1.2.rc2