VulnerableCode Vulnerability Details - VCID-c1w4-z275-tqg7

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-c1w4-z275-tqg7

Essentials
Severities (16)
References (14)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-c1w4-z275-tqg7
Aliases	CVE-2012-3463 GHSA-98mf-8f57-64qf OSV-84515
Summary	Ruby on Rails Potential XSS Vulnerability in select_tag prompt When a value for the `prompt` field is supplied to the `select_tag` helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://rhn.redhat.com/errata/RHSA-2013-0154.html
epss	0.00333	https://api.first.org/data/v1/epss?cve=CVE-2012-3463
epss	0.00333	https://api.first.org/data/v1/epss?cve=CVE-2012-3463
epss	0.00333	https://api.first.org/data/v1/epss?cve=CVE-2012-3463
epss	0.00333	https://api.first.org/data/v1/epss?cve=CVE-2012-3463
epss	0.00333	https://api.first.org/data/v1/epss?cve=CVE-2012-3463
epss	0.00333	https://api.first.org/data/v1/epss?cve=CVE-2012-3463
epss	0.00333	https://api.first.org/data/v1/epss?cve=CVE-2012-3463
epss	0.00333	https://api.first.org/data/v1/epss?cve=CVE-2012-3463
epss	0.00333	https://api.first.org/data/v1/epss?cve=CVE-2012-3463
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-98mf-8f57-64qf
generic_textual	MODERATE	https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64
generic_textual	MODERATE	https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain
generic_textual	MODERATE	https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2012-3463
generic_textual	MODERATE	http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

Reference id	Reference type	URL
		http://rhn.redhat.com/errata/RHSA-2013-0154.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json
		https://api.first.org/data/v1/epss?cve=CVE-2012-3463
		https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64
		https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ
		https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain
		https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1
		https://nvd.nist.gov/vuln/detail/CVE-2012-3463
		http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
		http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/
847196		https://bugzilla.redhat.com/show_bug.cgi?id=847196
GHSA-98mf-8f57-64qf		https://github.com/advisories/GHSA-98mf-8f57-64qf
RHSA-2012:1542		https://access.redhat.com/errata/RHSA-2012:1542
RHSA-2013:0154		https://access.redhat.com/errata/RHSA-2013:0154

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.56001
EPSS Score	0.00333
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:46:47.131500+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2012-3463.yml	38.0.0