CVE-2012-1099: Cross-site Scripting in Project Actionpack

Severity
4.3 MEDIUM (NVD)
EPSS
0.4%
top 39.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 13
Latest update: Oct 24

Description

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (4 packages)

Debian: rubyonrails/rails < 2.3.14 +3
NVD: rubyonrails/rails 21 versions +20
RubyGems: actionpack_project/actionpack 3.0.0 3.0.12 +2

🔴 Vulnerability Details (4)

GHSA
Cross-site Scripting in actionpack (2017-10-24)
OSV
Cross-site Scripting in actionpack (2017-10-24)
CVEList
CVE-2012-1099: Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper (2012-03-13)
OSV
CVE-2012-1099: Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper (2012-03-13)

📋 Vendor Advisories (2)

Red Hat
rubygem-actionpack: XSS in the 'select' helper (2012-03-01)
Debian
CVE-2012-1099: rails - Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/f... (2012)

💬 Community (1)

Bugzilla
CVE-2012-1099 rubygem-actionpack: XSS in the 'select' helper (2012-03-02)