VYPR
Moderate severityNVD Advisory· Published Aug 10, 2012· Updated Jun 16, 2026

CVE-2012-3463

CVE-2012-3463

Description

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
actionpackRubyGems
>= 3.0, < 3.0.173.0.17
actionpackRubyGems
>= 3.1.0, < 3.1.83.1.8
actionpackRubyGems
>= 3.2.0, < 3.2.83.2.8

Affected products

81
  • Rubyonrails/Rails79 versions
    cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*+ 78 more
    • cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 3.0, < 3.0.17

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.