Description

Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.

Remediation

References

CVE-2012-1098

Related Vulnerabilities

ownCloud Incorrect Authorization Vulnerability (CVE-2021-29659)

WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.9.86)

Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2018-10237)

WordPress Plugin Social Media Widget by Acurax Cross-Site Request Forgery (3.2.5)

WordPress Plugin Calendar by WD-Responsive Event Calendar for WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.3.0)

Severity

Medium

Classification

CVE-2012-1098 CWE-707

Tags

Missing Update Known Vulnerabilities