---
url: http://www.osvdb.org/show/osvdb/84513
title: Ruby on Rails strip_tags Helper Method XSS 

description: >
  Ruby on Rails contains a flaw that allows a remote cross-site
  scripting (XSS) attack. This flaw exists because the application
  does not validate input passed via the 'strip_tags' helper method
  before returning it to the user. This may allow a user to create a
  specially crafted request that would execute arbitrary script code
  in a user's browser within the trust relationship between their
  browser and the server.

cvss_v2: 4.3

patched_versions:
  - ~> 3.0.17
  - ~> 3.1.8
  - ">= 3.2.8"