4.3

CVE-2012-3463

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RubyonrailsRails Version3.0.0
RubyonrailsRails Version3.0.0 Updatebeta
RubyonrailsRails Version3.0.0 Updatebeta2
RubyonrailsRails Version3.0.0 Updatebeta3
RubyonrailsRails Version3.0.0 Updatebeta4
RubyonrailsRails Version3.0.0 Updaterc
RubyonrailsRails Version3.0.0 Updaterc2
RubyonrailsRails Version3.0.1
RubyonrailsRails Version3.0.1 Updatepre
RubyonrailsRails Version3.0.2
RubyonrailsRails Version3.0.2 Updatepre
RubyonrailsRails Version3.0.3
RubyonrailsRails Version3.0.4 Updaterc1
RubyonrailsRails Version3.0.5
RubyonrailsRails Version3.0.5 Updaterc1
RubyonrailsRails Version3.0.6
RubyonrailsRails Version3.0.6 Updaterc1
RubyonrailsRails Version3.0.6 Updaterc2
RubyonrailsRails Version3.0.7
RubyonrailsRails Version3.0.7 Updaterc1
RubyonrailsRails Version3.0.7 Updaterc2
RubyonrailsRails Version3.0.8
RubyonrailsRails Version3.0.8 Updaterc1
RubyonrailsRails Version3.0.8 Updaterc2
RubyonrailsRails Version3.0.8 Updaterc3
RubyonrailsRails Version3.0.8 Updaterc4
RubyonrailsRails Version3.0.9
RubyonrailsRails Version3.0.9 Updaterc1
RubyonrailsRails Version3.0.9 Updaterc2
RubyonrailsRails Version3.0.9 Updaterc3
RubyonrailsRails Version3.0.9 Updaterc4
RubyonrailsRails Version3.0.9 Updaterc5
RubyonrailsRails Version3.0.10
RubyonrailsRails Version3.0.10 Updaterc1
RubyonrailsRails Version3.0.11
RubyonrailsRails Version3.0.12
RubyonrailsRails Version3.0.12 Updaterc1
RubyonrailsRails Version3.0.13
RubyonrailsRails Version3.0.13 Updaterc1
RubyonrailsRails Version3.0.14
RubyonrailsRails Version3.0.16
RubyonrailsRuby On Rails Version3.0.4
RubyonrailsRails Version3.1.0
RubyonrailsRails Version3.1.0 Updatebeta1
RubyonrailsRails Version3.1.0 Updaterc1
RubyonrailsRails Version3.1.0 Updaterc2
RubyonrailsRails Version3.1.0 Updaterc3
RubyonrailsRails Version3.1.0 Updaterc4
RubyonrailsRails Version3.1.0 Updaterc5
RubyonrailsRails Version3.1.0 Updaterc6
RubyonrailsRails Version3.1.0 Updaterc7
RubyonrailsRails Version3.1.0 Updaterc8
RubyonrailsRails Version3.1.1
RubyonrailsRails Version3.1.1 Updaterc1
RubyonrailsRails Version3.1.1 Updaterc2
RubyonrailsRails Version3.1.1 Updaterc3
RubyonrailsRails Version3.1.2
RubyonrailsRails Version3.1.2 Updaterc1
RubyonrailsRails Version3.1.2 Updaterc2
RubyonrailsRails Version3.1.3
RubyonrailsRails Version3.1.4
RubyonrailsRails Version3.1.4 Updaterc1
RubyonrailsRails Version3.1.5
RubyonrailsRails Version3.1.5 Updaterc1
RubyonrailsRails Version3.1.6
RubyonrailsRails Version3.1.7
RubyonrailsRails Version3.2.0
RubyonrailsRails Version3.2.0 Updaterc1
RubyonrailsRails Version3.2.0 Updaterc2
RubyonrailsRails Version3.2.1
RubyonrailsRails Version3.2.2
RubyonrailsRails Version3.2.2 Updaterc1
RubyonrailsRails Version3.2.3
RubyonrailsRails Version3.2.3 Updaterc1
RubyonrailsRails Version3.2.3 Updaterc2
RubyonrailsRails Version3.2.4
RubyonrailsRails Version3.2.4 Updaterc1
RubyonrailsRails Version3.2.5
RubyonrailsRails Version3.2.6
RubyonrailsRails Version3.2.7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.33% 0.554
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.