mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-28 17:21:57 +00:00
97 lines
3.6 KiB
JSON
97 lines
3.6 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "secalert@redhat.com",
|
|
"ID": "CVE-2012-1099",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "n/a",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "FEDORA-2012-3321",
|
|
"refsource": "FEDORA",
|
|
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html"
|
|
},
|
|
{
|
|
"name": "[oss-security] 20120302 Re: CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws",
|
|
"refsource": "MLIST",
|
|
"url": "http://www.openwall.com/lists/oss-security/2012/03/03/1"
|
|
},
|
|
{
|
|
"name": "FEDORA-2012-3355",
|
|
"refsource": "FEDORA",
|
|
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html"
|
|
},
|
|
{
|
|
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=799276",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=799276"
|
|
},
|
|
{
|
|
"name": "DSA-2466",
|
|
"refsource": "DEBIAN",
|
|
"url": "http://www.debian.org/security/2012/dsa-2466"
|
|
},
|
|
{
|
|
"name": "[oss-security] 20120302 CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws",
|
|
"refsource": "MLIST",
|
|
"url": "http://www.openwall.com/lists/oss-security/2012/03/02/6"
|
|
},
|
|
{
|
|
"name": "[rubyonrails-security] 20120301 XSS Vulnerability in the select helper",
|
|
"refsource": "MLIST",
|
|
"url": "http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain"
|
|
},
|
|
{
|
|
"name": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released"
|
|
}
|
|
]
|
|
}
|
|
} |