GHSA-98mf-8f57-64qf

Suggest an improvement
Source
https://github.com/advisories/GHSA-98mf-8f57-64qf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-98mf-8f57-64qf/GHSA-98mf-8f57-64qf.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-98mf-8f57-64qf
Aliases
  • CVE-2012-3463
Published
2017-10-24T18:33:37Z
Modified
2024-11-30T05:28:34.743233Z
Summary
actionpack Cross-site Scripting vulnerability
Details

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper.

Database specific 
{
    "nvd_published_at": "2012-08-10T10:34:47Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:27:55Z"
}
References

Affected packages

RubyGems / actionpack

Package

Name
actionpack
Purl
pkg:gem/actionpack

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0
Fixed
3.0.17

Affected versions

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.0.4.rc1
3.0.4
3.0.5.rc1
3.0.5
3.0.6.rc1
3.0.6.rc2
3.0.6
3.0.7.rc1
3.0.7.rc2
3.0.7
3.0.8.rc1
3.0.8.rc2
3.0.8.rc4
3.0.8
3.0.9.rc1
3.0.9.rc3
3.0.9.rc4
3.0.9.rc5
3.0.9
3.0.10.rc1
3.0.10
3.0.11
3.0.12.rc1
3.0.12
3.0.13.rc1
3.0.13
3.0.14
3.0.15
3.0.16

RubyGems / actionpack

Package

Name
actionpack
Purl
pkg:gem/actionpack

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.8

Affected versions

3.*

3.1.0
3.1.1.rc1
3.1.1.rc2
3.1.1.rc3
3.1.1
3.1.2.rc1
3.1.2.rc2
3.1.2
3.1.3
3.1.4.rc1
3.1.4
3.1.5.rc1
3.1.5
3.1.6
3.1.7

RubyGems / actionpack

Package

Name
actionpack
Purl
pkg:gem/actionpack

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.2.0
Fixed
3.2.8

Affected versions

3.*

3.2.0
3.2.1
3.2.2.rc1
3.2.2
3.2.3.rc1
3.2.3.rc2
3.2.3
3.2.4.rc1
3.2.4
3.2.5
3.2.6
3.2.7.rc1
3.2.7
3.2.8.rc1
3.2.8.rc2