Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:12235
HistorySep 08, 2009 - 12:00 a.m.

Ruby on Rails表单帮助程序Unicode字符串处理跨站脚本漏洞

2009-09-0800:00:00
Root
www.seebug.org
24

0.003 Low

EPSS

Percentile

67.3%

JSON

BUGTRAQ ID: 36278
CVE(CAN) ID: CVE-2009-3009

Ruby on Rails是一个新的Web应用程序框架,构建在Ruby语言之上。

Ruby on Rails的表单帮助程序中的转义代码存在跨站脚本漏洞,远程攻击者可以通过向其提交恶意的Unicode字符串绕过转义检查,在用户浏览器会话中注入并执行任意HTML代码。

David Heinemeier Hansson Ruby on Rails 2.x
厂商补丁:

David Heinemeier Hansson

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://weblog.rubyonrails.org/assets/2009/9/4/2-0-CVE-2009-3009.patch
http://weblog.rubyonrails.org/assets/2009/9/4/2-1-CVE-2009-3009.patch
http://weblog.rubyonrails.org/assets/2009/9/4/2-2-CVE-2009-3009.patch
http://weblog.rubyonrails.org/assets/2009/9/4/2-3-CVE-2009-3009.patch

Related

fedora 12
securityvulns 2
nessus 9
cve 1
osv 1
openvas 19
gitlab 2
prion 1
debiancve 1
debian 1
ubuntucve 1
github 1
gentoo 1
threatpost 1
fedora
fedora
[SECURITY] Fedora 11 Update: rubygem-rails-2.3.2-5.fc11
2009-10-14 01:55:34
[SECURITY] Fedora 11 Update: rubygem-activeresource-2.3.2-2.fc11
2009-10-14 01:55:34
[SECURITY] Fedora 11 Update: rubygem-activesupport-2.3.3-2.fc11
2009-09-25 20:06:42
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2009-09-15 00:00:00
[SECURITY] [DSA 1887-1] New rails packages fix cross-site scripting
2009-09-15 00:00:00
nessus
nessus
Debian DSA-1887-1 : rails - missing input sanitising
2010-02-24 00:00:00
Fedora 11 : rubygem-actionmailer-2.3.2-3.fc11 / rubygem-actionpack-2.3.2-2.fc11 / etc (2009-10484)
2009-10-15 00:00:00
Fedora 10 : rubygem-actionpack-2.1.1-3.fc10 / rubygem-activesupport-2.1.1-2.fc10 (2009-9799)
2009-09-25 00:00:00
cve
cve
CVE-2009-3009
2009-09-08 18:30:00
osv
osv
Cross site scripting that affects rails
2017-10-24 18:33:38
openvas
openvas
Fedora Core 11 FEDORA-2009-10484 (rubygem-actionmailer)
2009-10-19 00:00:00
Ruby on Rails 'unicode strings' Cross-Site Scripting Vulnerability
2010-08-02 00:00:00
Fedora Core 11 FEDORA-2009-9922 (rubygem-actionpack)
2009-09-28 00:00:00
gitlab
gitlab
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2017-10-24 00:00:00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2017-10-24 00:00:00
prion
prion
Cross site scripting
2009-09-08 18:30:00
debiancve
debiancve
CVE-2009-3009
2009-09-08 18:30:00
debian
debian
[SECURITY] [DSA 1887-1] New rails packages fix cross-site scripting
2009-09-15 16:47:38
ubuntucve
ubuntucve
CVE-2009-3009
2009-09-08 00:00:00
github
github
Cross site scripting that affects rails
2017-10-24 18:33:38
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2009-12-20 00:00:00
threatpost
threatpost
Apple Mega Patch Covers 88 Mac OS X Vulnerabilities
2010-03-29 17:15:44

0.003 Low

EPSS

Percentile

67.3%

JSON
Related for SSV:12235
fedora12securityvulns2nessus9cve1osv1openvas19gitlab2prion1debiancve1debian1ubuntucve1github1gentoo1threatpost1