Test ID:	1.3.6.1.4.1.25623.1.0.902090
Category:	Web application abuses
Title:	Ruby on Rails 'unicode strings' Cross-Site Scripting Vulnerability
Summary:	This host is running Ruby on Rails and is prone to cross-site; scripting vulnerability.
Description:	Summary: This host is running Ruby on Rails and is prone to cross-site scripting vulnerability. Vulnerability Insight: The flaw is due to error in handling of 'escaping' code for the form helpers, which does not properly filter HTML code from user-supplied input before displaying the input. Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Affected Software/OS: Ruby on Rails version 2.x before to 2.2.3 and 2.3.x before 2.3.4. Solution: Upgrade to Ruby on Rails version 2.2.3 or 2.3.4 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	BugTraq ID: 36278 Common Vulnerability Exposure (CVE) ID: CVE-2009-3009 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://www.securityfocus.com/bid/36278 Debian Security Information: DSA-1887 (Google Search) http://www.debian.org/security/2009/dsa-1887 http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source http://www.osvdb.org/57666 http://securitytracker.com/id?1022824 http://secunia.com/advisories/36600 http://secunia.com/advisories/36717 SuSE Security Announcement: SUSE-SR:2009:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://www.vupen.com/english/advisories/2009/2544 XForce ISS Database: rubyonrails-unicode-xss(53036) https://exchange.xforce.ibmcloud.com/vulnerabilities/53036
Copyright	Copyright (C) 2010 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.