CVE-2007-3227

Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.
Configurations

Configuration 1 (hide)

cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*

History

21 Nov 2024, 00:32

Type Values Removed Values Added
References () http://bugs.gentoo.org/show_bug.cgi?id=195315 - () http://bugs.gentoo.org/show_bug.cgi?id=195315 -
References () http://dev.rubyonrails.org/ticket/8371 - () http://dev.rubyonrails.org/ticket/8371 -
References () http://osvdb.org/36378 - () http://osvdb.org/36378 -
References () http://pastie.caboo.se/65550.txt - () http://pastie.caboo.se/65550.txt -
References () http://secunia.com/advisories/25699 - Vendor Advisory () http://secunia.com/advisories/25699 - Vendor Advisory
References () http://secunia.com/advisories/27657 - Vendor Advisory () http://secunia.com/advisories/27657 - Vendor Advisory
References () http://secunia.com/advisories/27756 - Vendor Advisory () http://secunia.com/advisories/27756 - Vendor Advisory
References () http://security.gentoo.org/glsa/glsa-200711-17.xml - () http://security.gentoo.org/glsa/glsa-200711-17.xml -
References () http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release - () http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release -
References () http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release - () http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release -
References () http://www.novell.com/linux/security/advisories/2007_24_sr.html - () http://www.novell.com/linux/security/advisories/2007_24_sr.html -
References () http://www.securityfocus.com/bid/24161 - Exploit () http://www.securityfocus.com/bid/24161 - Exploit
References () http://www.vupen.com/english/advisories/2007/2216 - Vendor Advisory () http://www.vupen.com/english/advisories/2007/2216 - Vendor Advisory

Information

Published : 2007-06-14 23:30

Updated : 2024-11-21 00:32


NVD link : CVE-2007-3227

Mitre link : CVE-2007-3227

CVE.ORG link : CVE-2007-3227


JSON object : View

Products Affected

rubyonrails

  • rails
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')