ID de Prueba:	1.3.6.1.4.1.25623.1.0.902090
Categoría:	Web application abuses
Título:	Ruby on Rails 'unicode strings' Cross-Site Scripting Vulnerability
Resumen:	Ruby on Rails is prone to a cross-site scripting (XSS) vulnerability.
Descripción:	Summary: Ruby on Rails is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw is due to error in handling of 'escaping' code for the form helpers, which does not properly filter HTML code from user-supplied input before displaying the input. Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Affected Software/OS: Ruby on Rails version 2.x before to 2.2.3 and 2.3.x before 2.3.4. Solution: Upgrade to Ruby on Rails version 2.2.3 or 2.3.4 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3009 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html BugTraq ID: 36278 http://www.securityfocus.com/bid/36278 Debian Security Information: DSA-1887 (Google Search) http://www.debian.org/security/2009/dsa-1887 http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source http://www.osvdb.org/57666 http://securitytracker.com/id?1022824 http://secunia.com/advisories/36600 http://secunia.com/advisories/36717 SuSE Security Announcement: SUSE-SR:2009:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://www.vupen.com/english/advisories/2009/2544 XForce ISS Database: rubyonrails-unicode-xss(53036) https://exchange.xforce.ibmcloud.com/vulnerabilities/53036
Copyright	Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.