Contents

---
url: http://www.osvdb.org/show/osvdb/84516
title: Ruby on Rails HTML Escaping Code XSS 

description: > 
  Ruby on Rails contains a flaw that allows a remote
  cross-site scripting (XSS) attack. This flaw exists because the HTML
  escaping code functionality does not properly escape a single quote
  character. This may allow a user to create a specially crafted
  request that would execute arbitrary script code in a user's browser
  within the trust relationship between their browser and the server.

cvss_v2: 4.3

patched_versions:
  - ~> 3.0.17
  - ~> 3.1.8
  - ">= 3.2.8"

Version data entries

1 entries across 1 versions & 1 rubygems

Version	Path
bundler-audit-0.1.1	data/bundler/audit/rails/2012-3464.yml