CVE-2012-3465: Cross-site Scripting in Project Actionpack

CWE-79: Cross-site Scripting | 10 documents | 7 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 0.3% (top 43.83%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 10
Latest update: Oct 24

Description

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (4 packages)

Debian | rubyonrails/rails | < 2.3.14.1 | +3
NVD | rubyonrails/rails | 81 versions | +80
RubyGems | actionpack_project/actionpack | 3.0.0.beta | 3.0.17 | +3

🔴 Vulnerability Details (4)

GHSA: actionpack Cross-site Scripting vulnerability (2017-10-24)
OSV: actionpack Cross-site Scripting vulnerability (2017-10-24)
CVEList: CVE-2012-3465: Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper (2012-08-10)
OSV: CVE-2012-3465: Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper (2012-08-10)

📋 Vendor Advisories (2)

Red Hat: rubygem-actionpack: XSS Vulnerability in strip_tags (2012-08-09)
Debian: CVE-2012-3465: rails - Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/s... (2012)

💬 Community (3)

Bugzilla: CVE-2012-3463 CVE-2012-3464 CVE-2012-3465 rubygem-actionpack various flaws [fedora-all] (2012-08-10)
Bugzilla: CVE-2012-3465 rubygem-actionpack: XSS Vulnerability in strip_tags (2012-08-10)
Bugzilla: CVE-2012-3463 CVE-2012-3464 CVE-2012-3465 CVE-2013-0156 rubygem-actionpack various flaws [epel-5] (2012-08-10)
CVE-2012-3465 — Cross-site Scripting | cvebase