Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2012-1099
Description:Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.
Test IDs: 1.3.6.1.4.1.25623.1.0.71345  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2012-1099
Debian Security Information: DSA-2466 (Google Search)
http://www.debian.org/security/2012/dsa-2466
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html
http://www.openwall.com/lists/oss-security/2012/03/02/6
http://www.openwall.com/lists/oss-security/2012/03/03/1
http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain




© 1998-2024 E-Soft Inc. All rights reserved.