CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CVE-2012-1098 — MEDIUM severity vulnerability | Release Alert
CVE-2012-1098
4.3
MEDIUMCVSS v2
Published
March 13, 2012
Affected
2 projects
Assigned by
Red Hat
Severity scale
010
Description
Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.
RubyGemsRuby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.