--- 
gem: actionpack
framework: rails
cve: 2012-3465
osvdb: 84513
url: http://www.osvdb.org/show/osvdb/84513
title: Ruby on Rails strip_tags Helper Method XSS
date: 2012-08-09

description: |
  Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS)
  attack. This flaw exists because the application does not validate input
  passed via the 'strip_tags' helper method before returning it to the user.
  This may allow a user to create a specially crafted request that would
  execute arbitrary script code in a user's browser within the trust
  relationship between their browser and the server.

cvss_v2: 4.3

patched_versions: 
  - ~> 3.0.17
  - ~> 3.1.8
  - ">= 3.2.8"