CVE-2012-3463
EUVD-2017-019910.08.2012, 10:34
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| rubyonrails | rails | 3.0.0 |
| rubyonrails | rails | 3.0.0:beta |
| rubyonrails | rails | 3.0.0:beta2 |
| rubyonrails | rails | 3.0.0:beta3 |
| rubyonrails | rails | 3.0.0:beta4 |
| rubyonrails | rails | 3.0.0:rc |
| rubyonrails | rails | 3.0.0:rc2 |
| rubyonrails | rails | 3.0.1 |
| rubyonrails | rails | 3.0.1:pre |
| rubyonrails | rails | 3.0.2 |
| rubyonrails | rails | 3.0.2:pre |
| rubyonrails | rails | 3.0.3 |
| rubyonrails | rails | 3.0.4:rc1 |
| rubyonrails | rails | 3.0.5 |
| rubyonrails | rails | 3.0.5:rc1 |
| rubyonrails | rails | 3.0.6 |
| rubyonrails | rails | 3.0.6:rc1 |
| rubyonrails | rails | 3.0.6:rc2 |
| rubyonrails | rails | 3.0.7 |
| rubyonrails | rails | 3.0.7:rc1 |
| rubyonrails | rails | 3.0.7:rc2 |
| rubyonrails | rails | 3.0.8 |
| rubyonrails | rails | 3.0.8:rc1 |
| rubyonrails | rails | 3.0.8:rc2 |
| rubyonrails | rails | 3.0.8:rc3 |
| rubyonrails | rails | 3.0.8:rc4 |
| rubyonrails | rails | 3.0.9 |
| rubyonrails | rails | 3.0.9:rc1 |
| rubyonrails | rails | 3.0.9:rc2 |
| rubyonrails | rails | 3.0.9:rc3 |
| rubyonrails | rails | 3.0.9:rc4 |
| rubyonrails | rails | 3.0.9:rc5 |
| rubyonrails | rails | 3.0.10 |
| rubyonrails | rails | 3.0.10:rc1 |
| rubyonrails | rails | 3.0.11 |
| rubyonrails | rails | 3.0.12 |
| rubyonrails | rails | 3.0.12:rc1 |
| rubyonrails | rails | 3.0.13 |
| rubyonrails | rails | 3.0.13:rc1 |
| rubyonrails | rails | 3.0.14 |
| rubyonrails | rails | 3.0.16 |
| rubyonrails | ruby_on_rails | 3.0.4 |
| rubyonrails | rails | 3.1.0 |
| rubyonrails | rails | 3.1.0:beta1 |
| rubyonrails | rails | 3.1.0:rc1 |
| rubyonrails | rails | 3.1.0:rc2 |
| rubyonrails | rails | 3.1.0:rc3 |
| rubyonrails | rails | 3.1.0:rc4 |
| rubyonrails | rails | 3.1.0:rc5 |
| rubyonrails | rails | 3.1.0:rc6 |
| rubyonrails | rails | 3.1.0:rc7 |
| rubyonrails | rails | 3.1.0:rc8 |
| rubyonrails | rails | 3.1.1 |
| rubyonrails | rails | 3.1.1:rc1 |
| rubyonrails | rails | 3.1.1:rc2 |
| rubyonrails | rails | 3.1.1:rc3 |
| rubyonrails | rails | 3.1.2 |
| rubyonrails | rails | 3.1.2:rc1 |
| rubyonrails | rails | 3.1.2:rc2 |
| rubyonrails | rails | 3.1.3 |
| rubyonrails | rails | 3.1.4 |
| rubyonrails | rails | 3.1.4:rc1 |
| rubyonrails | rails | 3.1.5 |
| rubyonrails | rails | 3.1.5:rc1 |
| rubyonrails | rails | 3.1.6 |
| rubyonrails | rails | 3.1.7 |
| rubyonrails | rails | 3.2.0 |
| rubyonrails | rails | 3.2.0:rc1 |
| rubyonrails | rails | 3.2.0:rc2 |
| rubyonrails | rails | 3.2.1 |
| rubyonrails | rails | 3.2.2 |
| rubyonrails | rails | 3.2.2:rc1 |
| rubyonrails | rails | 3.2.3 |
| rubyonrails | rails | 3.2.3:rc1 |
| rubyonrails | rails | 3.2.3:rc2 |
| rubyonrails | rails | 3.2.4 |
| rubyonrails | rails | 3.2.4:rc1 |
| rubyonrails | rails | 3.2.5 |
| rubyonrails | rails | 3.2.6 |
| rubyonrails | rails | 3.2.7 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| rails |
| ||||||||||||||||||||||||||||||||||||||
| ruby-actionpack-2.3 |
| ||||||||||||||||||||||||||||||||||||||
| ruby-actionpack-3.2 |
| ||||||||||||||||||||||||||||||||||||||
| ruby-rails-2.3 |
| ||||||||||||||||||||||||||||||||||||||
| ruby-rails-3.2 |
|