Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Ruby on Rails Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2011-2197 - Vulnerability Database
Ruby on Rails

Ruby on Rails Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2011-2197

Medium
Reference: CVE-2011-2197
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2011-2197
Title: Ruby on Rails Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12 3.0.x before 3.0.8 and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method as demonstrated by the sub method.