1. Home
  2. CVE Database
  3. CVE-2011-2931
MEDIUM · 4.3

CVE-2011-2931

Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x be...

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
RubyonrailsRails2.0.0
RubyonrailsRuby On Rails3.0.4

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2011-2931?

CVE-2011-2931 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x be...

How severe is CVE-2011-2931?

CVE-2011-2931 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-2931?

Check the references section above for vendor advisories and patch information. Affected products include: Rubyonrails Rails, Rubyonrails Ruby On Rails.