Lucene search

K

PRIOn knowledge basePRION:CVE-2009-3009

HistorySep 08, 2009 - 6:30 p.m.

Cross site scripting

2009-09-0818:30:00

PRIOn knowledge base

www.prio-n.com

12

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.9%

Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.

CPENameOperatorVersion
railseq2.0.1
railseq2.0.2
railseq2.0.4
railseq2.1.0
railseq2.1.1
railseq2.1.2
railseq2.2.0
railseq2.2.1
railseq2.2.2
railseq2.3.2

Rows per page:

1-10 of 141

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

secunia.com/advisories/36600

secunia.com/advisories/36717

securitytracker.com/id?1022824

support.apple.com/kb/HT4077

weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails

www.debian.org/security/2009/dsa-1887

www.osvdb.org/57666

www.securityfocus.com/bid/36278

www.vupen.com/english/advisories/2009/2544

exchange.xforce.ibmcloud.com/vulnerabilities/53036

groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.9%

Related for PRION:CVE-2009-3009

fedora12 seebug1 nessus9 cve1 securityvulns2 osv1 openvas19 debiancve1 gitlab2 debian1 ubuntucve1 github1 gentoo1 threatpost1