Home > Vulnerability Database > CVE-2009-3009

Mend.io Vulnerability Database

CVE-2009-3009

Good to know:

Date: September 8, 2009

Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.

Language: Ruby

Severity Score

3.7

Related Resources (18)

Url: http://www.vupen.com/english/advisories/2009/2544

Url: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063

Url: http://www.debian.org/security/2009/dsa-1887

Url: http://secunia.com/advisories/36717

Url: https://github.com/advisories/GHSA-8qrh-h9m2-5fvf

Url: http://support.apple.com/kb/HT4077

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-3009

Url: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml

Url: http://secunia.com/advisories/36600

Url: http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/53036

Url: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

Url: http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails

Url: http://www.securityfocus.com/bid/36278

Url: http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source

Url: http://www.osvdb.org/57666

Url: http://securitytracker.com/id?1022824

Url: https://www.mend.io/vulnerability-database/CVE-2009-3009

Severity Score

3.7

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version 2.2.3,2.3.4

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2009-3009

Good to know:

Date: September 8, 2009

Language: Ruby

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?