CVE-2011-4319
28.11.2011, 11:55
Cross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string whose name ends with an "html" substring.
| Vendor | Product | Version |
|---|---|---|
| rubyonrails | rails | 3.0.0 |
| rubyonrails | rails | 3.0.0:beta |
| rubyonrails | rails | 3.0.0:beta2 |
| rubyonrails | rails | 3.0.0:beta3 |
| rubyonrails | rails | 3.0.0:beta4 |
| rubyonrails | rails | 3.0.0:rc |
| rubyonrails | rails | 3.0.0:rc2 |
| rubyonrails | rails | 3.0.1 |
| rubyonrails | rails | 3.0.1:pre |
| rubyonrails | rails | 3.0.2 |
| rubyonrails | rails | 3.0.2:pre |
| rubyonrails | rails | 3.0.3 |
| rubyonrails | rails | 3.0.4:rc1 |
| rubyonrails | rails | 3.0.5 |
| rubyonrails | rails | 3.0.5:rc1 |
| rubyonrails | rails | 3.0.6 |
| rubyonrails | rails | 3.0.6:rc1 |
| rubyonrails | rails | 3.0.6:rc2 |
| rubyonrails | rails | 3.0.7 |
| rubyonrails | rails | 3.0.7:rc1 |
| rubyonrails | rails | 3.0.7:rc2 |
| rubyonrails | rails | 3.0.8 |
| rubyonrails | rails | 3.0.8:rc1 |
| rubyonrails | rails | 3.0.8:rc2 |
| rubyonrails | rails | 3.0.8:rc3 |
| rubyonrails | rails | 3.0.8:rc4 |
| rubyonrails | rails | 3.0.9 |
| rubyonrails | rails | 3.0.9:rc1 |
| rubyonrails | rails | 3.0.9:rc2 |
| rubyonrails | rails | 3.0.9:rc3 |
| rubyonrails | rails | 3.0.9:rc4 |
| rubyonrails | rails | 3.0.9:rc5 |
| rubyonrails | rails | 3.0.10 |
| rubyonrails | rails | 3.0.10:rc1 |
| rubyonrails | ruby_on_rails | 3.0.4 |
| rubyonrails | rails | 3.1.0 |
| rubyonrails | rails | 3.1.0:beta1 |
| rubyonrails | rails | 3.1.0:rc1 |
| rubyonrails | rails | 3.1.0:rc2 |
| rubyonrails | rails | 3.1.0:rc3 |
| rubyonrails | rails | 3.1.0:rc4 |
| rubyonrails | rails | 3.1.0:rc5 |
| rubyonrails | rails | 3.1.0:rc6 |
| rubyonrails | rails | 3.1.0:rc7 |
| rubyonrails | rails | 3.1.0:rc8 |
| rubyonrails | rails | 3.1.1 |
| rubyonrails | rails | 3.1.1:rc1 |
| rubyonrails | rails | 3.1.1:rc2 |
| rubyonrails | rails | 3.1.1:rc3 |
| rubyonrails | rails | 2.3.2 |
| rubyonrails | rails | 2.3.3 |
| rubyonrails | rails | 2.3.4 |
| rubyonrails | rails | 2.3.9 |
| rubyonrails | rails | 2.3.10 |
| rubyonrails | rails | 2.3.11 |
| rubyonrails | rails | 2.3.12 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| rails |
| ||||||||||||||||||||||||||||||||
| ruby-actionpack-2.3 |
|
References