CVE-2011-2932

🗓️ 29 Aug 2011 18:00:00Reported by Debian Security Bug TrackerType

debiancve

debiancve🔗 security-tracker.debian.org👁 37 Views

Cross-site scripting vulnerability in Ruby on Rail

Reporter	Title	Published	Views	Family All 53
CVE	CVE-2011-2932	29 Aug 201118:00	–	cve
Cvelist	CVE-2011-2932	29 Aug 201118:00	–	cvelist
Debian	[SECURITY] [DSA 2655-1] rails security update	28 Mar 201316:15	–	debian
Tenable Nessus	Debian DSA-2655-1 : rails - several vulnerabilities	29 Mar 201300:00	–	nessus
Tenable Nessus	Fedora 16 : rubygem-actionmailer-3.0.10-1.fc16 / rubygem-actionpack-3.0.10-1.fc16 / etc (2011-11386)	7 Sep 201100:00	–	nessus
Tenable Nessus	Fedora 15 : rubygem-activesupport-3.0.5-4.fc15 (2011-11579)	7 Sep 201100:00	–	nessus
Tenable Nessus	Fedora 14 : rubygem-activesupport-2.3.8-4.fc14 (2011-11600)	7 Sep 201100:00	–	nessus
Tenable Nessus	GLSA-201412-28 : Ruby on Rails: Multiple vulnerabilities	15 Dec 201400:00	–	nessus
EUVD	EUVD-2017-0203	7 Oct 202500:30	–	euvd
Fedora	[SECURITY] Fedora 16 Update: rubygem-activesupport-3.0.10-1.fc16	7 Sep 201103:23	–	fedora

OS	OS Version	Architecture	Package	Package Version	Filename
Debian	11	any	rails	2.3.14	rails_2.3.14_any.deb
Debian	12	any	rails	2.3.14	rails_2.3.14_any.deb
Debian	13	any	rails	2.3.14	rails_2.3.14_any.deb
Debian	14	any	rails	2.3.14	rails_2.3.14_any.deb
Debian	999	any	rails	2.3.14	rails_2.3.14_any.deb

29 Aug 2011 18:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 24.3

EPSS0.02492

cve-2011-2932 activesupport unicode remote attackers web script html utf-8 escaping vulnerability unix