Cross-Site Scripting Vulnerability in Ruby on Rails by Ruby
CVE-2012-3465

Currently unrated

Key Information:

Vendor: Rubyonrails
Status: Ruby On Rails; Rails
Vendor: CVE Published:; 10 August 2012

🔔 Create Rubyonrails Vulnerability Alert

What is CVE-2012-3465?

A cross-site scripting (XSS) vulnerability exists in the strip_tags helper within the sanitize_helper.rb file of Ruby on Rails versions prior to 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8. This flaw allows remote attackers to exploit malformed HTML markup, potentially injecting arbitrary web scripts or HTML, compromising the security of affected applications. Users are advised to upgrade to the latest versions to mitigate this risk.

References

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-ha...

x_refsource_CONFIRM

http://secunia.com/advisories/50694

third-party-advisoryx_refsource_SECUNIA

http://rhn.redhat.com/errata/RHSA-2013-0154.html

vendor-advisoryx_refsource_REDHAT

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2012
Vulnerability Reserved
Jun 14, 2012