CVE-2009-3009
Published Sep 8, 2009
Last updated 5 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "50EEAFDA-7782-4E1E-9058-205AD4BE9A01"
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CAC748BB-BFC5-44F7-B633-CEEBB1279889"
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38CF2C31-70BB-41D3-9462-0A8B9869A5F0"
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F8584B37-7950-4C89-83D2-04E1ACDC60BF"
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8CB26F65-5CFB-4BF8-BCC4-679327D4A8DB"
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF12EA5D-5EB5-46A8-AC60-65B327D610AD"
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87B4B121-94BD-4E0F-8860-6239890043B9"
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "63CF211C-683E-4F7D-8C62-05B153AC1960"
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "456A2F7E-CC66-48C4-B028-353D2976837A"
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B1CDAFA-2AC6-4C46-9E65-0BE9127E770F"
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9806A84-2160-40EA-9960-AE7756CE4E0A"
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07EC67D4-3D0F-4FF9-8197-71175DCB2723"
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1467583-23E9-4E2B-982D-80A356174BB6"
},
{
"criteria": "cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4DC784C0-5618-4C32-8C17-BE7041656E14"
}
],
"operator": "OR"
}
]
}
]