Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2012-1099
Last Modified 06 Jul 2012 12:00:00
Published 13 Mar 2012 06:55:01
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1099

Summary

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.

Vulnerable Systems

Application

  • Ruby On Rails 3.0.0

  • Ruby On Rails 3.0.1

  • Ruby On Rails 3.0.10

  • Ruby On Rails 3.0.11

  • Ruby On Rails 3.0.12

  • Ruby On Rails 3.0.2

  • Ruby On Rails 3.0.3

  • Ruby On Rails 3.0.4

  • Ruby On Rails 3.0.5

  • Ruby On Rails 3.0.6

  • Ruby On Rails 3.0.7

  • Ruby On Rails 3.0.8

  • Ruby On Rails 3.0.9

  • Ruby On Rails 3.1.0

  • Ruby On Rails 3.1.1

  • Ruby On Rails 3.1.2

  • Ruby On Rails 3.1.2rc1

  • Ruby On Rails 3.1.3

  • Ruby On Rails 3.1.4

  • Ruby On Rails 3.2.0

  • Ruby On Rails 3.2.1

  • Ruby On Rails 3.2.2

  • Rubyonrails Ruby On Rails 3.0.0

  • Rubyonrails Ruby On Rails 3.0.1

  • Rubyonrails Ruby On Rails 3.0.10

  • Rubyonrails Ruby On Rails 3.0.11

  • Rubyonrails Ruby On Rails 3.0.12

  • Rubyonrails Ruby On Rails 3.0.2

  • Rubyonrails Ruby On Rails 3.0.3

  • Rubyonrails Ruby On Rails 3.0.4

  • Rubyonrails Ruby On Rails 3.0.5

  • Rubyonrails Ruby On Rails 3.0.6

  • Rubyonrails Ruby On Rails 3.0.7

  • Rubyonrails Ruby On Rails 3.0.8

  • Rubyonrails Ruby On Rails 3.0.9

  • Rubyonrails Ruby On Rails 3.1.0

  • Rubyonrails Ruby On Rails 3.1.1

  • Rubyonrails Ruby On Rails 3.1.2

  • Rubyonrails Ruby On Rails 3.1.3

  • Rubyonrails Ruby On Rails 3.1.4

  • Rubyonrails Ruby On Rails 3.2.0

  • Rubyonrails Ruby On Rails 3.2.1

  • Rubyonrails Ruby On Rails 3.2.2


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=799276

MLIST - [oss-security] 20120302 Re: CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws

MLIST - [oss-security] 20120302 CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws

CONFIRM - http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

MLIST - [rubyonrails-security] 20120301 XSS Vulnerability in the select helper


Last Updated: 27 May 2016 10:57:27