CVE-2012-3463: Cross-site Scripting in Project Actionpack

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.3% (top 43.83%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 10; latest update Oct 24

Description

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 3 packages

NVD: rubyonrails/rails 32 versions +31
RubyGems: actionpack_project/actionpack 3.0 3.0.17 +2

Patches

🔴 Vulnerability Details (3)

GHSA: actionpack Cross-site Scripting vulnerability (2017-10-24)
OSV: actionpack Cross-site Scripting vulnerability (2017-10-24)
CVEList: CVE-2012-3463: Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper (2012-08-10)

📋 Vendor Advisories (2)

Red Hat: rubygem-actionpack: potential XSS vulnerability in select_tag prompt (2012-08-09)
Debian: CVE-2012-3463: rails - Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/f... (2012)

💬 Community (3)

Bugzilla: CVE-2012-3463 CVE-2012-3464 CVE-2012-3465 rubygem-actionpack various flaws [fedora-all] (2012-08-10)
Bugzilla: CVE-2012-3463 CVE-2012-3464 CVE-2012-3465 CVE-2013-0156 rubygem-actionpack various flaws [epel-5] (2012-08-10)
Bugzilla: CVE-2012-3463 rubygem-actionpack: potential XSS vulnerability in select_tag prompt (2012-08-10)
CVE-2012-3463 — Cross-site Scripting | cvebase