ID de Prueba:	1.3.6.1.4.1.25623.1.0.901185
Categoría:	Web application abuses
Título:	Ruby on Rails Multiple Cross Site Scripting Vulnerabilities
Resumen:	Ruby on Rails is prone to multiple cross site scripting vulnerabilities.
Descripción:	Summary: Ruby on Rails is prone to multiple cross site scripting vulnerabilities. Vulnerability Insight: The flaw is caused by an input validation error when processing 'name' or 'email' values while the ':encode => :javascript' option is used, which could allow cross site scripting attacks. Vulnerability Impact: Successful exploitation will allow attackers to inject arbitrary web script or HTML via a crafted name or email value. Affected Software/OS: Ruby on Rails versions before 2.3.11, and 3.x before 3.0.4. Solution: Upgrade to Ruby on Rails version 3.0.4 or 2.3.11. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0446 BugTraq ID: 46291 http://www.securityfocus.com/bid/46291 Debian Security Information: DSA-2247 (Google Search) http://www.debian.org/security/2011/dsa-2247 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain http://www.securitytracker.com/id?1025064 http://secunia.com/advisories/43274 http://secunia.com/advisories/43666 http://www.vupen.com/english/advisories/2011/0587 http://www.vupen.com/english/advisories/2011/0877
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.