CVE-2009-3009 - CERT CVE
CVE-2009-3009
ID
CVE-2009-3009
Summary
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
http://secunia.com/advisories/36600
http://secunia.com/advisories/36717
http://securitytracker.com/id?1022824
http://support.apple.com/kb/HT4077
http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails
http://www.debian.org/security/2009/dsa-1887
http://www.osvdb.org/57666
http://www.securityfocus.com/bid/36278
http://www.vupen.com/english/advisories/2009/2544
https://exchange.xforce.ibmcloud.com/vulnerabilities/53036
CVSS
Base: 4.3
Impact: 2.9
Exploitability: 8.6
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
CVSS vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Last major update
08-08-2019 - 14:43
Published
08-09-2009 - 18:30