Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.
References
Configurations
History
21 Nov 2024, 00:32
Type | Values Removed | Values Added |
---|---|---|
References | () http://bugs.gentoo.org/show_bug.cgi?id=195315 - | |
References | () http://dev.rubyonrails.org/ticket/8371 - | |
References | () http://osvdb.org/36378 - | |
References | () http://pastie.caboo.se/65550.txt - | |
References | () http://secunia.com/advisories/25699 - Vendor Advisory | |
References | () http://secunia.com/advisories/27657 - Vendor Advisory | |
References | () http://secunia.com/advisories/27756 - Vendor Advisory | |
References | () http://security.gentoo.org/glsa/glsa-200711-17.xml - | |
References | () http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release - | |
References | () http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release - | |
References | () http://www.novell.com/linux/security/advisories/2007_24_sr.html - | |
References | () http://www.securityfocus.com/bid/24161 - Exploit | |
References | () http://www.vupen.com/english/advisories/2007/2216 - Vendor Advisory |
Information
Published : 2007-06-14 23:30
Updated : 2024-11-21 00:32
NVD link : CVE-2007-3227
Mitre link : CVE-2007-3227
CVE.ORG link : CVE-2007-3227
JSON object : View
Products Affected
rubyonrails
- rails
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')