Cross-Site Scripting Vulnerability in Ruby on Rails
CVE-2012-3464
Currently unrated
What is CVE-2012-3464?
A cross-site scripting (XSS) vulnerability exists in Ruby on Rails due to improper handling of input containing a single quote character. This flaw allows remote attackers to craft malicious web scripts or HTML content which may be executed in the context of the user’s browser session. As a result, users are potentially exposed to data theft, session hijacking, or other malicious activities when interacting with affected web applications.
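The effect of an unescaped single quote is easiest to see where a value is rendered into a single-quoted HTML attribute. The following is an added example, not Rails source code or code from this page: the helper names, the attribute scanner, and the sample input are all constructed for illustration, and it assumes the template delimits the attribute with single quotes.

```ruby
# Added example: hypothetical helpers, not the Rails implementation.

# Escapes &, <, > and " only; a single quote passes through unchanged.
WEAK_MAP = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;' }.freeze
# Same map with the single quote included.
STRICT_MAP = WEAK_MAP.merge("'" => '&#39;').freeze

def escape_weak(value)
  value.to_s.gsub(/[&<>"]/, WEAK_MAP)
end

def escape_strict(value)
  value.to_s.gsub(/[&<>"']/, STRICT_MAP)
end

# Render a value into a single-quoted attribute, as a template might.
# `escaper` is the name of one of the helpers above.
def render_input(value, escaper)
  "<input type='text' value='#{send(escaper, value)}'>"
end

# Minimal scanner for the tag built above: returns the attribute names
# a browser would see after parsing quoted attribute values.
def attribute_names(tag)
  tag.scan(/([a-zA-Z-]+)=(?:'[^']*'|"[^"]*")/).flatten
end

# Constructed input: the quote closes the value and starts a new attribute.
SAMPLE = "x' data-injected='1"

if __FILE__ == $PROGRAM_NAME
  %i[escape_weak escape_strict].each do |escaper|
    tag = render_input(SAMPLE, escaper)
    puts "#{escaper}: #{tag}"
    puts "  attributes: #{attribute_names(tag).inspect}"
  end
end
```

With the weak helper the tag gains an attribute the template never wrote; with the single quote escaped, the input stays inside `value`.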