Ruby on Rails 'strip_tags()' Non-Printable Character Cross Site Scripting Vulnerability

Bugtraq ID: 37142
Class: Input Validation Error
CVE: CVE-2009-4214
Remote: Yes
Local: No
Published: Nov 27 2009 12:00AM
Updated: Apr 13 2015 09:36PM
Credit: Gabe da Silveira
Vulnerable: SuSE SUSE Linux Enterprise 11
SuSE SUSE Linux Enterprise 10 SP3
SuSE SUSE Linux Enterprise 10 SP2
S.u.S.E. openSUSE 11.2
Ruby on Rails Ruby on Rails 2.3.4
Ruby on Rails Ruby on Rails 2.3.3
Ruby on Rails Ruby on Rails 2.3.2
Ruby on Rails Ruby on Rails 2.2.3
Ruby on Rails Ruby on Rails 2.2.2
Ruby on Rails Ruby on Rails 2.1.1
Ruby on Rails Ruby on Rails 2.1
Ruby on Rails Ruby on Rails 2.0.5
Ruby on Rails Ruby on Rails 2.0.4
Ruby on Rails Ruby on Rails 2.0
Ruby on Rails Ruby on Rails 1.2.6
Ruby on Rails Ruby on Rails 1.2.5
Ruby on Rails Ruby on Rails 1.2.3
Ruby on Rails Ruby on Rails 1.1.6
Ruby on Rails Ruby on Rails 1.1.5
Ruby on Rails Ruby on Rails 1.1.4
Ruby on Rails Ruby on Rails 1.1.3
Ruby on Rails Ruby on Rails 1.1.2
Ruby on Rails Ruby on Rails 1.1.1
Ruby on Rails Ruby on Rails 1.1
Ruby on Rails Ruby on Rails 1.0
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0
Apple Mac OS X Server 10.6.2
Apple Mac OS X Server 10.6.1
Apple Mac OS X Server 10.5.8
Apple Mac OS X Server 10.6
Apple Mac OS X 10.6.2
Apple Mac OS X 10.6.1
Apple Mac OS X 10.5.8
Apple Mac OS X 10.6
Not Vulnerable: Ruby on Rails Ruby on Rails 2.3.5


 

Privacy Statement
Copyright 2010, SecurityFocus