History: Jul 26, 2015 - 10:59 p.m.

CVE-2015-3226

2015-07-26 22:59:05
CWE-79
redhat
web.nvd.nist.gov
cve-2015-3226
cross-site scripting
xss
vulnerability
ruby on rails 3.x
ruby on rails 4.1.x
json encoding

CVSS2: 4.3

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.003
Percentile: 65.5%

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.

Affected configurations

Nvd
Node (entries joined by OR)
rubyonrails rails, Match: 3.0.0, 3.1.0, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.2.12, 3.2.13, 3.2.15, 3.2.16, 3.2.17, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.2.0, 4.2.1
rubyonrails ruby_on_rails, Match: 3.2.14

Vendor       Product  Version  CPE
rubyonrails  rails    3.0.0    cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
rubyonrails  rails    3.1.0    cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*
rubyonrails  rails    3.2.0    cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*
rubyonrails  rails    3.2.1    cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*
rubyonrails  rails    3.2.2    cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*
rubyonrails  rails    3.2.3    cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*
rubyonrails  rails    3.2.4    cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*
rubyonrails  rails    3.2.5    cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*
rubyonrails  rails    3.2.6    cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*
rubyonrails  rails    3.2.7    cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*