VYPR
Moderate severityNVD Advisory· Published Aug 10, 2012· Updated Jun 16, 2026

CVE-2012-3465

CVE-2012-3465

Description

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
actionpackRubyGems
>= 3.0.0.beta, < 3.0.173.0.17
actionpackRubyGems
>= 3.1.0, < 3.1.83.1.8
actionpackRubyGems
>= 3.2.0, < 3.2.83.2.8
actionpackRubyGems
< 2.3.162.3.16

Affected products

143
  • Rubyonrails/Rails130 versions
    cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*+ 129 more
    • cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*range: <=3.0.16
    • cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 3.0.0.beta, < 3.0.17

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.