VDB
CVE-2012-3463
CVE-2012-3463
PUBLISHED
Reported by redhat · Published August 10, 2012
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| RubyGems | actionpack | 3.2.0, 3.2.0, 3.0.0 |
| n/a | n/a | *, n/a, n/a |
Exploit Intelligence
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
…and 10 more exploits
Timeline
- Aug 10, 2012 CVE Published
- Aug 8, 2019 CVE Updated
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- x_refsource_CONFIRM
- [rubyonrails-security] 20120810 Ruby on Rails Potential XSS Vulnerability in select_tag prompt mailing-listx_refsource_MLIST
- RHSA-2013:0154 vendor-advisoryx_refsource_REDHAT
- https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ url