Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-09-08T18:00:00

Updated: 2024-08-07T06:14:55.295Z

Reserved: 2009-08-29T00:00:00

Link: CVE-2009-3009

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-09-08T18:30:00.327

Modified: 2024-11-21T01:06:17.827

Link: CVE-2009-3009

cve-icon Redhat

Severity : Moderate

Publid Date: 2009-09-03T00:00:00Z

Links: CVE-2009-3009 - Bugzilla