Lucene search
K

44 matches found

Cvelist
Cvelist
added 2012/03/13 10:0 a.m.36 views

CVE-2012-1098

Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...

5.3AI score0.02137EPSS
Exploits0References6
GitLab Advisory Database
GitLab Advisory Database
added 2012/03/13 12:0 a.m.29 views

Direct Manipulation XSS

Ruby on Rails contains a flaw that allows a remote cross-site scripting XSS attack. This flaw exists because the application does not validate direct manipulations of SafeBuffer objects via '' and other methods. This may allow a user to create a specially crafted request that would execute...

4.3CVSS3.2AI score0.02137EPSS
Exploits0References2Affected Software1
seebug.org
seebug.org
added 2012/03/06 12:0 a.m.26 views

Ruby on Rails多个跨站脚本执行漏洞

BUGTRAQ ID: 52264 Ruby on Rails简称RoR或Rails,是一个使用Ruby语言写的开源Web应用框架,它是严格按照MVC结构开发的。 通过SafeBuffer直接操作传递的输入没有正确过滤,通过手动生成的选择标签传递的某些输入没有正确过滤,导致在用户浏览器中执行任意HTML和脚本代码 0 Ruby on Rails 3.2.x Ruby on Rails 3.1.x Ruby on Rails 3.0.x 厂商补丁: Ruby ---- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.ruby-lang.org/...

6.9AI score
Exploits0
RubySec
RubySec
added 2012/03/01 12:0 a.m.38 views

CVE-2012-1098 rubygem-activesupport: XSS in SafeBuffer#[] (unescaped safe buffers can be marked as safe)

Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...

4.3CVSS4AI score0.02137EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder