Ruby On Rails Security Vulnerabilities and Issues — Ruby On Rails CVE List

Lucene search

RubyonrailsRuby On Rails

4 matches found

CVE•added 2012/08/10 10:34 a.m.•109 views

CVE-2012-3464

Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.

4.3CVSS5.3AI score0.00333EPSS

CVE•added 2012/08/10 10:34 a.m.•98 views

CVE-2012-3465

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.

4.3CVSS5.5AI score0.00333EPSS

CVE•added 2012/08/10 10:34 a.m.•81 views

CVE-2012-3463

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper.

4.3CVSS5.5AI score0.00333EPSS

CVE•added 2012/08/08 10:26 a.m.•73 views

CVE-2012-3424

The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging a...

5CVSS6.3AI score0.00981EPSS