Upstream information
Description
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.SUSE information
| National Vulnerability Database | |
|---|---|
| Base Score | 4.30 |
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | None |
- SUSE-SU-2013:0194-1, published Thu Jan 24 15:04:15 MST 2013
- SUSE-SU-2013:0208-1, published Tue Jan 29 12:04:14 MST 2013
- SUSE-SU-2013:0209-1, published Tue, 29 Jan 2013 20:04:18 +0100 (CET)
- openSUSE-SU-2012:1218-1, published Wed, 19 Sep 2012 17:08:35 +0200 (CEST)
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise High Availability Extension 11 SP2 |
| Patchnames: sleshasp2-hawk |
| SUSE Linux Enterprise Software Development Kit 11 SP2 |
| Patchnames: sdksp2-rubygem-actionpack-2_3 sdksp2-rubygem-activesupport-2_3 |
| SUSE Studio Onsite Runner 1.2 |
| Patchnames: slestso12-rubygem-actionpack-2_3 slestso12-rubygem-activesupport-2_3 |
| SUSE Studio Extension for System z 1.2 SUSE Studio Onsite 1.2 [Appliance - Studio] SUSE Studio Standard Edition 1.2 WebYaST 1.2 |
|
Builds SAT Patch Nr: 7027 |
| SUSE Studio Extension for System z 1.2 SUSE Studio Onsite 1.2 [Appliance - Studio] SUSE Studio Standard Edition 1.2 WebYaST 1.2 |
|
Builds SAT Patch Nr: 7031 |
| SUSE Linux Enterprise High Availability Extension 11 SP2 |
|
Builds SAT Patch Nr: 7078 |
| SUSE Cloud 1.0 SUSE Linux Enterprise Software Development Kit 11 SP2 |
|
Builds SAT Patch Nr: 7030 |
| SUSE Cloud 1.0 SUSE Linux Enterprise Software Development Kit 11 SP2 |
|
Builds SAT Patch Nr: 7026 |
| openSUSE 11.4 |
| Patchnames: openSUSE-2012-624 |