CVE ID: CVE-2009-3009
Description: Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.
Test IDs: 1.3.6.1.4.1.25623.1.0.64919   1.3.6.1.4.1.25623.1.0.902090   1.3.6.1.4.1.25623.1.0.64961   1.3.6.1.4.1.25623.1.0.64968   1.3.6.1.4.1.25623.1.0.66042  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2009-3009
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 36278
http://www.securityfocus.com/bid/36278
Debian Security Information: DSA-1887
http://www.debian.org/security/2009/dsa-1887
http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source
http://www.osvdb.org/57666
http://securitytracker.com/id?1022824
http://secunia.com/advisories/36600
http://secunia.com/advisories/36717
SuSE Security Announcement: SUSE-SR:2009:017
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://www.vupen.com/english/advisories/2009/2544
XForce ISS Database: rubyonrails-unicode-xss(53036)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53036




© 1998-2024 E-Soft Inc. All rights reserved.