Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Rubyonrails
  • Ruby On Rails
  • Rails

Configuration 1 [-]

OR cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*
References
Link Resource
http://rhn.redhat.com/errata/RHSA-2013-0154.html
http://secunia.com/advisories/50694
http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/ Vendor Advisory
https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-08-10T10:00:00

Updated: 2013-02-07T10:00:00

Reserved: 2012-06-14T00:00:00

Link: CVE-2012-3465

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2012-08-10T10:34:47.937

Modified: 2019-08-08T15:42:45.623

Link: CVE-2012-3465

JSON object: View

cve-icon Redhat Information

No data.

CWE