Test ID:	1.3.6.1.4.1.25623.1.0.901185
Category:	Web application abuses
Title:	Ruby on Rails Multiple Cross Site Scripting Vulnerabilities
Summary:	This host is running Ruby on Rails and is prone to multiple cross; site scripting vulnerabilities.
Description:	Summary: This host is running Ruby on Rails and is prone to multiple cross site scripting vulnerabilities. Vulnerability Insight: The flaw is caused by an input validation error when processing 'name' or 'email' values while the ':encode => :javascript' option is used, which could allow cross site scripting attacks. Vulnerability Impact: Successful exploitation will allow attackers to inject arbitrary web script or HTML via a crafted name or email value. Affected Software/OS: Ruby on Rails versions before 2.3.11, and 3.x before 3.0.4. Solution: Upgrade to Ruby on Rails version 3.0.4 or 2.3.11. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	BugTraq ID: 46291 Common Vulnerability Exposure (CVE) ID: CVE-2011-0446 http://www.securityfocus.com/bid/46291 Debian Security Information: DSA-2247 (Google Search) http://www.debian.org/security/2011/dsa-2247 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain http://www.securitytracker.com/id?1025064 http://secunia.com/advisories/43274 http://secunia.com/advisories/43666 http://www.vupen.com/english/advisories/2011/0587 http://www.vupen.com/english/advisories/2011/0877
Copyright	Copyright (C) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.