Lucene search
GoogleOSV:GHSA-QV8P-V9QW-WC7GHistoryOct 24, 2017 - 6:33 p.m.
activesupport Cross-site Scripting vulnerability
2017-10-2418:33:38
Google
osv.dev
22
0.002 Low
EPSS
Percentile
64.6%
Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.
References
groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain
lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html
weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released
www.openwall.com/lists/oss-security/2012/03/02/6
www.openwall.com/lists/oss-security/2012/03/03/1
bugzilla.redhat.com/show_bug.cgi?id=799275
nvd.nist.gov/vuln/detail/CVE-2012-1098
Related
prion
prion
Cross site scripting
2012-03-13 10:55:00
nvd
nvd
CVE-2012-1098
2012-03-13 10:55:01
cve
cve
CVE-2012-1098
2012-03-13 10:55:01
ubuntucve
ubuntucve
CVE-2012-1098
2012-03-13 00:00:00
cvelist
cvelist
CVE-2012-1098
2012-03-13 10:00:00
debiancve
debiancve
CVE-2012-1098
2012-03-13 10:55:01
github
github
activesupport Cross-site Scripting vulnerability
2017-10-24 18:33:38
gitlab
gitlab
Direct Manipulation XSS
2012-03-13 00:00:00
rubygems
rubygems
fedora
fedora
[SECURITY] Fedora 17 Update: rubygem-activesupport-3.0.11-3.fc17
2012-03-11 17:01:21
[SECURITY] Fedora 16 Update: rubygem-activesupport-3.0.10-2.fc16
2012-03-17 23:41:07
[SECURITY] Fedora 16 Update: rubygem-activesupport-3.0.10-4.fc16
2012-08-22 21:13:38
openvas
openvas
Fedora Update for rubygem-activesupport FEDORA-2012-11880
2012-08-24 00:00:00
Fedora Update for rubygem-activesupport FEDORA-2012-11880
2012-08-24 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2012-3166
2012-08-30 00:00:00
nessus
nessus