Lucene search
BCCEDB-ID:30089HistoryMay 25, 2007 - 12:00 a.m.
Ruby on Rails 1.2.3 To_JSON - Script Injection
2007-05-2500:00:00
BCC
www.exploit-db.com
16
source: https://www.securityfocus.com/bid/24161/info
Ruby on Rails is prone to a script-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
This issue affects Ruby on Rails 1.2.3; other versions may also be affected.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30089.tgzRelated
debiancve
debiancve
CVE-2007-3227
2007-06-14 23:30:00
osv
osv
Moderate severity vulnerability that affects rails
2017-10-24 18:33:38
cvelist
cvelist
CVE-2007-3227
2007-06-14 23:00:00
cve
cve
CVE-2007-3227
2007-06-14 23:30:00
freebsd
freebsd
rubygem-rails -- JSON XSS vulnerability
2007-10-12 00:00:00
nessus
nessus
prion
prion
Cross site scripting
2007-06-14 23:30:00
nvd
nvd
CVE-2007-3227
2007-06-14 23:30:00
ubuntucve
ubuntucve
CVE-2007-3227
2007-06-14 00:00:00
openvas
openvas
FreeBSD Ports: rubygem-rails
2008-09-04 00:00:00
FreeBSD Ports: rubygem-rails
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200711-17 (rails)
2008-09-24 00:00:00
github
github
Moderate severity vulnerability that affects rails
2017-10-24 18:33:38
rubygems
rubygems
Moderate severity vulnerability that affects rails
2017-10-23 21:00:00
securityvulns
securityvulns
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2007-11-17 00:00:00
[ GLSA 200711-17 ] Ruby on Rails: Multiple vulnerabilities
2007-11-15 00:00:00
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2007-11-14 00:00:00