Description
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper.
Remediation
References
Related Vulnerabilities
WordPress Plugin Social Share Icons & Social Share Buttons Security Bypass (3.0.2)
WordPress Plugin Blue Wrench Video Widget Cross-Site Scripting (2.1.0)
MySQL Other Vulnerability (CVE-2000-0148)
WordPress Plugin WP Symposium Toolbar Unspecified Vulnerability (0.26.0)
WordPress Plugin Bing Site Verification using Meta Tag Cross-Site Scripting (1.0)