CVE-2009-3009 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-3009 Interim 1 5 2023-12-09T02:02:39Z current 2021-05-30T12:48:14Z 2023-12-09T02:02:39Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-3009 Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WLEQAE5ZU7UH4KZNKCUCE2NOQYOZK7SM/#WLEQAE5ZU7UH4KZNKCUCE2NOQYOZK7SM E-Mail link for SUSE-SR:2009:017 https://www.suse.com/support/security/rating/ SUSE Security Ratings Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper. CVE-2009-3009 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N