Back to search
CVE-2011-0446
Published: Feb 14, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2011-0587
vdb-entry
x_refsource_VUPEN
FEDORA-2011-2138
vendor-advisory
x_refsource_FEDORA
46291
vdb-entry
x_refsource_BID
DSA-2247
vendor-advisory
x_refsource_DEBIAN
FEDORA-2011-4358
vendor-advisory
x_refsource_FEDORA
43274
third-party-advisory
x_refsource_SECUNIA
1025064
vdb-entry
x_refsource_SECTRACK
[rubyonrails-security] 20110209 Potential XSS Problem with mail_to :encode => :javascript
mailing-list
x_refsource_MLIST
ADV-2011-0877
vdb-entry
x_refsource_VUPEN
FEDORA-2011-2133
vendor-advisory
x_refsource_FEDORA
43666
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now