44 matches found
CVE-2012-1098
Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...
Direct Manipulation XSS
Ruby on Rails contains a flaw that allows a remote cross-site scripting XSS attack. This flaw exists because the application does not validate direct manipulations of SafeBuffer objects via '' and other methods. This may allow a user to create a specially crafted request that would execute...
Ruby on Rails多个跨站脚本执行漏洞
BUGTRAQ ID: 52264 Ruby on Rails简称RoR或Rails,是一个使用Ruby语言写的开源Web应用框架,它是严格按照MVC结构开发的。 通过SafeBuffer直接操作传递的输入没有正确过滤,通过手动生成的选择标签传递的某些输入没有正确过滤,导致在用户浏览器中执行任意HTML和脚本代码 0 Ruby on Rails 3.2.x Ruby on Rails 3.1.x Ruby on Rails 3.0.x 厂商补丁: Ruby ---- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.ruby-lang.org/...
CVE-2012-1098 rubygem-activesupport: XSS in SafeBuffer#[] (unescaped safe buffers can be marked as safe)
Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...