Your submission was sent successfully! Close

CVE-2012-1099

Published: 13 March 2012

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.

Priority

Medium

Status

Package Release Status
rails
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(contains no code)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [contains no code])
ruby-rails-2.3
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist