CVE-2011-4319

Опубликовано: 28 нояб. 2011

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string whose name ends with an "html" substring.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00607

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2011-4319

ubuntu

больше 13 лет назад

CVE-2011-4319

redhat

больше 13 лет назад

CVE-2011-4319

debian

больше 13 лет назад

Cross-site scripting (XSS) vulnerability in the i18n translations help ...

GHSA-xxr8-833v-c7wc

github

больше 7 лет назад

Cross-site Scripting vulnerability in i18n translations helper method

EPSS

Процентиль: 69%

0.00607

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79