Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails prior to 2.3.11, and 3.x prior to 3.0.4, when JavaScript encoding is used, allow remote malicious users to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.
Vulnerable Product |
---|
rubyonrails rails 2.3.10 |
rubyonrails rails 2.2.1 |
rubyonrails rails 2.0.0 |
rubyonrails rails 2.3.4 |
rubyonrails rails 3.0.0 |
rubyonrails rails 3.0.1 |
rubyonrails rails 3.0.2 |
rubyonrails rails 2.1.1 |
rubyonrails rails 2.1.2 |
rubyonrails rails 2.1.0 |
rubyonrails rails 2.0.2 |
rubyonrails rails 2.3.3 |
rubyonrails rails 2.3.2 |
rubyonrails rails 2.3.9 |
rubyonrails rails 3.0.3 |
rubyonrails rails 3.0.4 |
rubyonrails rails 2.2.2 |
rubyonrails rails 2.2.0 |
rubyonrails rails 2.0.4 |
rubyonrails rails 2.0.1 |