Lucene search

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

🗓️ 24 Oct 2017 00:00:00Reported by https://gitlab.com/gitlab-org/security-products/gemnasium-dbType

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Ruby on Rail

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 45
OSV	Rails actionpack gem vulnerable to Cross-site Scripting	24 Oct 201718:33	–	osv
OSV	rails - several vulnerabilities	31 May 201100:00	–	osv
UbuntuCve	CVE-2011-0446	14 Feb 201100:00	–	ubuntucve
Cvelist	CVE-2011-0446	14 Feb 201120:00	–	cvelist
Prion	Cross site scripting	14 Feb 201121:00	–	prion
GitLab Advisory Database	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	24 Oct 201700:00	–	gitlab
NVD	CVE-2011-0446	14 Feb 201121:00	–	nvd
Debian CVE	CVE-2011-0446	14 Feb 201121:00	–	debiancve
RubySec	XSS vulnerabilities in the mail_to helper in rails/actionpack	23 Oct 201721:00	–	rubygems
RubySec	XSS vulnerabilities in the mail_to helper in rails/actionview	23 Oct 201721:00	–	rubygems

Vulners

Node

gem actionviewRange<2.3.11

gem actionviewRange3.0.0≥

gem actionviewRange<3.0.4

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2011-0446
groups	www.groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a
lists	www.lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
lists	www.lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
lists	www.lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
debian	www.debian.org/security/2011/dsa-2247
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml
groups	www.groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ
web	www.web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291
web	www.web.archive.org/web/20200812054342/http://www.securitytracker.com/id

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

24 Oct 2017 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS24.3

EPSS0.0067