CVE-2012-1098

Опубликовано: 13 мар. 2012

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00377

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2012-1098

ubuntu

почти 14 лет назад

CVE-2012-1098

redhat

почти 14 лет назад

CVE-2012-1098

debian

почти 14 лет назад

Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before ...

GHSA-qv8p-v9qw-wc7g

github

больше 8 лет назад

activesupport Cross-site Scripting vulnerability

EPSS

Процентиль: 59%

0.00377

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79