CVE-2012-1099
Description
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
0.399
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2012-1099 are fixed in Ruby-actionpack 3.0.12 | Windows |
| Vulnerabilities CVE-2012-1099 are fixed in Ruby-actionpack 3.1.4 | Windows |
| Vulnerabilities CVE-2012-1099 are fixed in Ruby-actionpack 3.2.2 | Windows |
| Vulnerabilities CVE-2012-1099 are fixed in Ruby-actionpack for Linux 3.0.12 | Linux |
| Vulnerabilities CVE-2012-1099 are fixed in Ruby-actionpack for Linux 3.1.4 | Linux |
| Vulnerabilities CVE-2012-1099 are fixed in Ruby-actionpack for Linux 3.2.2 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234