Vulnerability details: VCID-5h8t-y9tc-sqgg
Vulnerability ID VCID-5h8t-y9tc-sqgg
Aliases CVE-2007-3227, GHSA-gm25-fpmr-43fj, OSV-36378
Summary Moderate severity vulnerability that affects rails. Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.
Status Published
Exploitability None
Weighted Severity None
Risk None
Weaknesses (3)
Data source Exploit-DB
Date added May 25, 2007
Description Ruby on Rails 1.2.3 To_JSON - Script Injection
Ransomware campaign use Known
Source publication date May 25, 2007
Exploit type remote
Platform linux
Source update date Dec. 7, 2013
Source URL https://www.securityfocus.com/bid/24161/info
Exploit Prediction Scoring System (EPSS)
Percentile 0.94437
EPSS Score 0.13946
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:57:06.388310+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-gm25-fpmr-43fj/GHSA-gm25-fpmr-43fj.json 38.6.0