Search for packages
| purl | pkg:gem/actionpack@3.2.0.alpha0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1rgy-k7a9-m7au
Aliases: CVE-2012-1099 GHSA-2xjj-5x6h-8vmf OSV-79727 |
XSS via posted select tag options Ruby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated `select tag options` upon submission to `actionpack/lib/action_view/helpers/form_options_helper.rb`. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
Affected by 54 other vulnerabilities. Affected by 54 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:46:46.692761+00:00 | GitLab Importer | Affected by | VCID-1rgy-k7a9-m7au | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2012-1099.yml | 38.0.0 |