• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Ruby on Rails Form Helpers Unicode String Handling Cross Site Scripting Vulnerability

Bugtraq ID:	36278
Class:	Input Validation Error
CVE:	CVE-2009-3009
Remote:	Yes
Local:	No
Published:	Sep 04 2009 12:00AM
Updated:	Dec 21 2009 08:43AM
Credit:	Brian Mastenbrook
Vulnerable:	S.u.S.E. SLE 11 S.u.S.E. openSUSE 11.0 Ruby on Rails Ruby on Rails 2.3.3 Ruby on Rails Ruby on Rails 2.3.2 Ruby on Rails Ruby on Rails 2.2.2 Ruby on Rails Ruby on Rails 2.1.1 Ruby on Rails Ruby on Rails 2.1 Ruby on Rails Ruby on Rails 2.0.5 Ruby on Rails Ruby on Rails 2.0.4 Ruby on Rails Ruby on Rails 2.0 RedHat Fedora 11 RedHat Fedora 10 Gentoo Linux Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k Debian Linux 5.0 ia-64 Debian Linux 5.0 ia-32 Debian Linux 5.0 hppa Debian Linux 5.0 armel Debian Linux 5.0 arm Debian Linux 5.0 amd64 Debian Linux 5.0 alpha Debian Linux 5.0
Not Vulnerable:	Ruby on Rails Ruby on Rails 2.3.4 Ruby on Rails Ruby on Rails 2.2.3