Cross-Site Scripting Vulnerability in Ruby on Rails
CVE-2012-3464

Currently unrated

Key Information:

Vendor

Rubyonrails

Status
Ruby On Rails
Rails
Vendor
CVE Published:
10 August 2012

What is CVE-2012-3464?

A cross-site scripting (XSS) vulnerability exists in Ruby on Rails due to improper handling of input containing a single quote character. This flaw allows remote attackers to craft malicious web scripts or HTML content which may be executed in the context of the user’s browser session. As a result, users are potentially exposed to data theft, session hijacking, or other malicious activities when interacting with affected web applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-ha...
x_refsource_CONFIRM
http://secunia.com/advisories/50694
third-party-advisoryx_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2013-0154.html
vendor-advisoryx_refsource_REDHAT

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.