Sha256: 8c25201bd640ecc578136914f3fadc37dbca7e2dd37bd15de4cda4ec49ad1bf2

Contents?: true

Size: 762 Bytes

Versions: 1

Stored size: 762 Bytes

Contents

--- 
gem: actionpack
framework: rails
cve: 2012-3463
osvdb: 84515
url: https://nvd.nist.gov/vuln/detail/CVE-2012-3463
title: Ruby on Rails select_tag Helper Method prompt Value XSS
date: 2012-08-09

description: |
  Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS)
  attack. This flaw exists because input passed via the prompt value is not
  properly sanitized by the select_tag helper method before returning it to
  the user. This may allow a user to create a specially crafted request that
  would execute arbitrary script code in a user's browser within the trust
  relationship between their browser and the server.

cvss_v2: 4.3

unaffected_versions:
  - ~> 2.3.0

patched_versions: 
  - ~> 3.0.17
  - ~> 3.1.8
  - ">= 3.2.8"

Version data entries

1 entry across 1 version & 1 rubygem

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/actionpack/CVE-2012-3463.yml