Description
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper.
Remediation
References
Related Vulnerabilities
e107 Other Vulnerability (CVE-2005-3594)
PHP Cryptographic Issues Vulnerability (CVE-2011-3189)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-25703)
Joomla CVE-2021-26031 Vulnerability (CVE-2021-26031)
Internet Information Services Other Vulnerability (CVE-2002-1744)