CVE-2009-3009
CVE: CVE-2009-3009
Status: UNKNOWN
Description: Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.
Severity: Medium
CVSS score: 4,3
CVSS vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Phase: ASSIGNED (01.04.2010)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3009
References
APPLE: APPLE-SA-2010-03-29-1
BID: 36278
CONFIRM: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=5...
CONFIRM: http://support.apple.com/kb/HT4077
CONFIRM: http://weblog.rubyonrails.org/2009/9/4/xss-vulnera...
DEBIAN: DSA-1887
MLIST: [rubyonrails-security] 20090904 XSS Vulnerability in Ruby on Rails
OSVDB: 57666
SECTRACK: 1022824
SECUNIA: 36600
SECUNIA: 36717
SUSE: SUSE-SR:2009:017
VUPEN: ADV-2009-2544
XF: rubyonrails-unicode-xss(53036)
SecurityVulns: Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
© SecurityVulns, 3APA3A, Vladimir Dubrovin, Nizhny Novgorod