Description

Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.

Remediation

References

CVE-2012-1098

Related Vulnerabilities

WordPress 5.6.x Multiple Vulnerabilities (5.6 - 5.6.6)

WordPress Plugin Titan Framework Cross-Site Scripting (1.5.2)

MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-5687)

WordPress Plugin Bongolive SMS Cross-Site Scripting (1.0.5)

Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-10073)

Severity

Medium

Classification

CVE-2012-1098 CWE-707

Tags

Missing Update Known Vulnerabilities