Description

Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.

Remediation

References

CVE-2012-3464

Related Vulnerabilities

WordPress Plugin Xorbin Digital Flash Clock Cross-Site Scripting (1.0)

WordPress Plugin Smartest Way To Design & Customize WordPress Comments & Comment Form-WP Comment Designer Lite includes Backdoor [Only if downloaded via the vendor website] (2.0.3)

WordPress Plugin WP-OliveCart Multiple Vulnerabilities (3.1.2)

Jenkins CVE-2013-0329 Vulnerability (CVE-2013-0329)

WordPress Plugin Justified Gallery Cross-Site Scripting (1.7.0)

Severity

Medium

Classification

CVE-2012-3464 CWE-707

Tags

Missing Update Known Vulnerabilities