CVE-2009-3009

Опубликовано: 08 сент. 2009

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01632

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2009-3009

ubuntu

больше 16 лет назад

CVE-2009-3009

redhat

больше 16 лет назад

CVE-2009-3009

debian

больше 16 лет назад

Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2 ...

GHSA-8qrh-h9m2-5fvf

github

около 8 лет назад

Cross site scripting that affects rails

EPSS

Процентиль: 81%

0.01632

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79