Sha256: cbcd5ab6dfec62c75f6a195c15cd41accf9f93ea50947e62b4d15212e76a3ee2

Contents?: true

Size: 610 Bytes

Versions: 1

Compression:

Stored size: 610 Bytes

Contents

---
url: http://osvdb.org/79726
title: Ruby on Rails SafeBuffer Object [] Direct Manipulation XSS 

description: >
  Ruby on Rails contains a flaw that allows a remote cross-site
  scripting (XSS) attack. This flaw exists because the application
  does not validate direct manipulations of SafeBuffer objects via
  '[]' and other methods. This may allow a user to create a specially
  crafted request that would execute arbitrary script code in a user's
  browser within the trust relationship between their browser and the
  server.

cvss_v2: 4.3

patched_versions:
  - ~> 3.0.12
  - ~> 3.1.4
  - ">= 3.2.2"

Version data entries

1 entry across 1 version & 1 rubygem

Version Path
bundler-audit-0.1.1 data/bundler/audit/rails/2012-1098.yml