Summary
This host is running Ruby on Rails and is prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Impact Level: Application
Solution
Upgrade to Ruby on Rails version 2.2.3 or 2.3.4 or later.
For updates refer to http://rubyonrails.org/download
Insight
The flaw is due to error in handling of 'escaping' code for the form helpers, which does not properly filter HTML code from user-supplied input before displaying the input.
Affected
Ruby on Rails version 2.x before to 2.2.3 and 2.3.x before 2.3.4
References
Severity
Classification
-
CVE CVE-2009-3009 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- AbanteCart Multiple Cross-Site Scripting Vulnerabilities
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
- Apache mod_proxy_ajp Information Disclosure Vulnerability
- Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
- Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities