Vulnerability Database
289,697
Total vulnerabilities in the database
CVE-2011-4319
Cross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string whose name ends with an "html" substring.
| Software | From | Fixed in |
|---|---|---|
| rubyonrails / ruby_on_rails | 3.0.4 | 3.0.4.x |
| rubyonrails / rails | 3.0.0-beta | 3.0.0-beta.x |
| rubyonrails / rails | 3.0.0-beta2 | 3.0.0-beta2.x |
| rubyonrails / rails | 3.0.0-beta3 | 3.0.0-beta3.x |
| rubyonrails / rails | 3.0.0-beta4 | 3.0.0-beta4.x |
| rubyonrails / rails | 3.0.0-rc | 3.0.0-rc.x |
| rubyonrails / rails | 3.0.0-rc2 | 3.0.0-rc2.x |
| rubyonrails / rails | 3.0.1-pre | 3.0.1-pre.x |
| rubyonrails / rails | 3.0.2-pre | 3.0.2-pre.x |
| rubyonrails / rails | 3.0.0 | 3.0.0.x |
| rubyonrails / rails | 3.0.10-rc1 | 3.0.10-rc1.x |
| rubyonrails / rails | 3.0.10 | 3.0.10.x |
| rubyonrails / rails | 3.0.1 | 3.0.1.x |
| rubyonrails / rails | 3.0.2 | 3.0.2.x |
| rubyonrails / rails | 3.0.3 | 3.0.3.x |
| rubyonrails / rails | 3.0.4-rc1 | 3.0.4-rc1.x |
| rubyonrails / rails | 3.0.5 | 3.0.5.x |
| rubyonrails / rails | 3.0.5-rc1 | 3.0.5-rc1.x |
| rubyonrails / rails | 3.0.6-rc1 | 3.0.6-rc1.x |
| rubyonrails / rails | 3.0.6-rc2 | 3.0.6-rc2.x |
| rubyonrails / rails | 3.0.6 | 3.0.6.x |
| rubyonrails / rails | 3.0.7-rc1 | 3.0.7-rc1.x |
| rubyonrails / rails | 3.0.7-rc2 | 3.0.7-rc2.x |
| rubyonrails / rails | 3.0.7 | 3.0.7.x |
| rubyonrails / rails | 3.0.8-rc1 | 3.0.8-rc1.x |
| rubyonrails / rails | 3.0.8-rc2 | 3.0.8-rc2.x |
| rubyonrails / rails | 3.0.8-rc3 | 3.0.8-rc3.x |
| rubyonrails / rails | 3.0.8-rc4 | 3.0.8-rc4.x |
| rubyonrails / rails | 3.0.8 | 3.0.8.x |
| rubyonrails / rails | 3.0.9-rc1 | 3.0.9-rc1.x |
| rubyonrails / rails | 3.0.9-rc2 | 3.0.9-rc2.x |
| rubyonrails / rails | 3.0.9-rc3 | 3.0.9-rc3.x |
| rubyonrails / rails | 3.0.9-rc4 | 3.0.9-rc4.x |
| rubyonrails / rails | 3.0.9 | 3.0.9.x |
| rubyonrails / rails | 3.0.9-rc5 | 3.0.9-rc5.x |
| rubyonrails / rails | 3.1.0-beta1 | 3.1.0-beta1.x |
| rubyonrails / rails | 3.1.0-rc1 | 3.1.0-rc1.x |
| rubyonrails / rails | 3.1.0-rc2 | 3.1.0-rc2.x |
| rubyonrails / rails | 3.1.0-rc3 | 3.1.0-rc3.x |
| rubyonrails / rails | 3.1.0-rc4 | 3.1.0-rc4.x |
| rubyonrails / rails | 3.1.0-rc5 | 3.1.0-rc5.x |
| rubyonrails / rails | 3.1.0-rc6 | 3.1.0-rc6.x |
| rubyonrails / rails | 3.1.0-rc7 | 3.1.0-rc7.x |
| rubyonrails / rails | 3.1.0 | 3.1.0.x |
| rubyonrails / rails | 3.1.0-rc8 | 3.1.0-rc8.x |
| rubyonrails / rails | 3.1.1-rc1 | 3.1.1-rc1.x |
| rubyonrails / rails | 3.1.1-rc2 | 3.1.1-rc2.x |
| rubyonrails / rails | 3.1.1 | 3.1.1.x |
| rubyonrails / rails | 3.1.1-rc3 | 3.1.1-rc3.x |
| rubyonrails / rails | 2.3.2 | 2.3.2.x |
| rubyonrails / rails | 2.3.3 | 2.3.3.x |
| rubyonrails / rails | 2.3.4 | 2.3.4.x |
| rubyonrails / rails | 2.3.9 | 2.3.9.x |
| rubyonrails / rails | 2.3.10 | 2.3.10.x |
| rubyonrails / rails | 2.3.11 | 2.3.11.x |
| rubyonrails / rails | 2.3.12 | 2.3.12.x |
rails
|
3.0.0 | 3.0.11 |
|
rails
|
3.1.0 | 3.1.2 |
- http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1
- http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain
- http://openwall.com/lists/oss-security/2011/11/18/8
- http://osvdb.org/77199
- http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released
- http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released
- http://www.securityfocus.com/bid/50722
- http://www.securitytracker.com/id?1026342
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71364