CVE-2012-1099: Cross-site scripting (XSS) vulnerability
Bug #1030984 reported by Felix Geyer
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
ruby-actionpack-2.3 (Ubuntu) | Invalid | Undecided | Unassigned | |
Oneiric | Fix Released | Undecided | Unassigned | |
Precise | Fix Released | Undecided | Unassigned | |
Bug Description
Cross-site scripting (XSS) vulnerability in
actionpack/
helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x
before 3.2.2 allows remote attackers to inject arbitrary web script or HTML
via vectors involving certain generation of OPTION elements within SELECT
elements.
I'm attaching debdiffs for oneiric and precise.
I think the code lives in the rails package in natty and earlier releases.