CVE-2012-3464

Published: Aug 10, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.

Affected (142)

Products: Rubyonrails: Rails, Ruby On Rails

Rubyonrails

2 products

Rails

Ruby On Rails

Configuration A

104 vulnerable

Vulnerable Software	Affected Versions
Rubyonrails Rails	Version 0.10.0
Rubyonrails Rails	Version 0.10.1
Rubyonrails Rails	Version 0.11.0
Rubyonrails Rails	Version 0.11.1
Rubyonrails Rails	Version 0.12.0
Rubyonrails Rails	Version 0.12.1
Rubyonrails Rails	Version 0.13.0
Rubyonrails Rails	Version 0.13.1
Rubyonrails Rails	Version 0.14.1
Rubyonrails Rails	Version 0.14.2
Rubyonrails Rails	Version 0.14.3
Rubyonrails Rails	Version 0.14.4
Rubyonrails Rails	Version 0.9.1
Rubyonrails Rails	Version 0.9.2
Rubyonrails Rails	Version 0.9.3
Rubyonrails Rails	Version 0.9.4.1
Rubyonrails Rails	Version 0.9.4
Rubyonrails Rails	Version 1.0.0
Rubyonrails Rails	Version 1.1.0
Rubyonrails Rails	Version 1.1.1
Rubyonrails Rails	Version 1.1.2
Rubyonrails Rails	Version 1.1.3
Rubyonrails Rails	Version 1.1.4
Rubyonrails Rails	Version 1.1.5
Rubyonrails Rails	Version 1.1.6
Rubyonrails Rails	Version 1.2.0
Rubyonrails Rails	Version 1.2.1
Rubyonrails Rails	Version 1.2.2
Rubyonrails Rails	Version 1.2.3
Rubyonrails Rails	Version 1.2.4
Rubyonrails Rails	Version 1.2.5
Rubyonrails Rails	Version 1.2.6
Rubyonrails Rails	Version 1.9.5
Rubyonrails Rails	Version 2.0.0
Rubyonrails Rails	Version 2.0.0 rc1
Rubyonrails Rails	Version 2.0.0 rc2
Rubyonrails Rails	Version 2.0.1
Rubyonrails Rails	Version 2.0.2
Rubyonrails Rails	Version 2.0.4
Rubyonrails Rails	Version 2.1.0
Rubyonrails Rails	Version 2.1.1
Rubyonrails Rails	Version 2.1.2
Rubyonrails Rails	Version 2.2.0
Rubyonrails Rails	Version 2.2.1
Rubyonrails Rails	Version 2.2.2
Rubyonrails Rails	Version 2.3.10
Rubyonrails Rails	Version 2.3.11
Rubyonrails Rails	Version 2.3.12
Rubyonrails Rails	Version 2.3.2
Rubyonrails Rails	Version 2.3.3
Rubyonrails Rails	Version 2.3.4
Rubyonrails Rails	Version 2.3.9
Rubyonrails Rails	Version 3.0.0
Rubyonrails Rails	Version 3.0.0 beta2
Rubyonrails Rails	Version 3.0.0 beta3
Rubyonrails Rails	Version 3.0.0 beta4
Rubyonrails Rails	Version 3.0.0 beta
Rubyonrails Rails	Version 3.0.0 rc2
Rubyonrails Rails	Version 3.0.0 rc
Rubyonrails Rails	Version 3.0.10
Rubyonrails Rails	Version 3.0.10 rc1
Rubyonrails Rails	Version 3.0.11
Rubyonrails Rails	Version 3.0.12
Rubyonrails Rails	Version 3.0.12 rc1
Rubyonrails Rails	Version 3.0.13
Rubyonrails Rails	Version 3.0.13 rc1
Rubyonrails Rails	Version 3.0.14
Rubyonrails Rails	Version 3.0.1
Rubyonrails Rails	Version 3.0.1 pre
Rubyonrails Rails	Version 3.0.2
Rubyonrails Rails	Version 3.0.2 pre
Rubyonrails Rails	Version 3.0.3
Rubyonrails Rails	Version 3.0.4 rc1
Rubyonrails Rails	Version 3.0.5
Rubyonrails Rails	Version 3.0.5 rc1
Rubyonrails Rails	Version 3.0.6
Rubyonrails Rails	Version 3.0.6 rc1
Rubyonrails Rails	Version 3.0.6 rc2
Rubyonrails Rails	Version 3.0.7
Rubyonrails Rails	Version 3.0.7 rc1
Rubyonrails Rails	Version 3.0.7 rc2
Rubyonrails Rails	Version 3.0.8
Rubyonrails Rails	Version 3.0.8 rc1
Rubyonrails Rails	Version 3.0.8 rc2
Rubyonrails Rails	Version 3.0.8 rc3
Rubyonrails Rails	Version 3.0.8 rc4
Rubyonrails Rails	Version 3.0.9
Rubyonrails Rails	Version 3.0.9 rc1
Rubyonrails Rails	Version 3.0.9 rc2
Rubyonrails Rails	Version 3.0.9 rc3
Rubyonrails Rails	Version 3.0.9 rc4
Rubyonrails Rails	Version 3.0.9 rc5
Rubyonrails Ruby On Rails	Up to 3.0.16
Rubyonrails Ruby On Rails	Version 0.5.0
Rubyonrails Ruby On Rails	Version 0.5.5
Rubyonrails Ruby On Rails	Version 0.5.6
Rubyonrails Ruby On Rails	Version 0.5.7
Rubyonrails Ruby On Rails	Version 0.6.0
Rubyonrails Ruby On Rails	Version 0.6.5
Rubyonrails Ruby On Rails	Version 0.7.0
Rubyonrails Ruby On Rails	Version 0.8.0
Rubyonrails Ruby On Rails	Version 0.8.5
Rubyonrails Ruby On Rails	Version 0.9.0
Rubyonrails Ruby On Rails	Version 3.0.4

Configuration B

24 vulnerable

Vulnerable Software	Affected Versions
Rubyonrails Rails	Version 3.1.0
Rubyonrails Rails	Version 3.1.0 beta1
Rubyonrails Rails	Version 3.1.0 rc1
Rubyonrails Rails	Version 3.1.0 rc2
Rubyonrails Rails	Version 3.1.0 rc3
Rubyonrails Rails	Version 3.1.0 rc4
Rubyonrails Rails	Version 3.1.0 rc5
Rubyonrails Rails	Version 3.1.0 rc6
Rubyonrails Rails	Version 3.1.0 rc7
Rubyonrails Rails	Version 3.1.0 rc8
Rubyonrails Rails	Version 3.1.1
Rubyonrails Rails	Version 3.1.1 rc1
Rubyonrails Rails	Version 3.1.1 rc2
Rubyonrails Rails	Version 3.1.1 rc3
Rubyonrails Rails	Version 3.1.2
Rubyonrails Rails	Version 3.1.2 rc1
Rubyonrails Rails	Version 3.1.2 rc2
Rubyonrails Rails	Version 3.1.3
Rubyonrails Rails	Version 3.1.4
Rubyonrails Rails	Version 3.1.4 rc1
Rubyonrails Rails	Version 3.1.5
Rubyonrails Rails	Version 3.1.5 rc1
Rubyonrails Rails	Version 3.1.6
Rubyonrails Rails	Version 3.1.7

Configuration C

14 vulnerable

Vulnerable Software	Affected Versions
Rubyonrails Rails	Version 3.2.0
Rubyonrails Rails	Version 3.2.0 rc1
Rubyonrails Rails	Version 3.2.0 rc2
Rubyonrails Rails	Version 3.2.1
Rubyonrails Rails	Version 3.2.2
Rubyonrails Rails	Version 3.2.2 rc1
Rubyonrails Rails	Version 3.2.3
Rubyonrails Rails	Version 3.2.3 rc1
Rubyonrails Rails	Version 3.2.3 rc2
Rubyonrails Rails	Version 3.2.4
Rubyonrails Rails	Version 3.2.4 rc1
Rubyonrails Rails	Version 3.2.5
Rubyonrails Rails	Version 3.2.6
Rubyonrails Rails	Version 3.2.7