CVE-2012-1099 – actionpack

Package

Manager: gem
Name: actionpack
Vulnerable Version: >=3.0.0 <3.0.12 || >=3.1.0 <3.1.4 || >=3.2.0 <3.2.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00399 pctl0.59882

Details

Cross-site Scripting in actionpack Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/form_options_helper.rb` in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.

Metadata

Created: 2017-10-24T18:33:38Z
Modified: 2023-08-25T20:14:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-2xjj-5x6h-8vmf/GHSA-2xjj-5x6h-8vmf.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-2xjj-5x6h-8vmf
Finding: F008
Auto approve: 1