CVE-2012-3463: Ruby on Rails Potential XSS Vulnerability in select_tag prompt
When a value for the prompt option is supplied to the select_tag helper, that value is inserted into the generated HTML without being escaped. If untrusted data is supplied as the prompt value, there is a potential for XSS attacks.
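The following is an added illustration, not Rails code or part of the advisory: a plain-Ruby sketch of the unescaped prompt option described above beside a hardened version that HTML-escapes the prompt (and the other option labels) before placing them in element content. CGI.escapeHTML from the standard library stands in for Rails's own escaping helper; the select-building function and the sample input are constructed for this example.

```ruby
require "cgi"

# Vulnerable shape described by the advisory: the prompt text is interpolated
# into the option tag verbatim, so markup in an untrusted prompt reaches the page.
def unsafe_prompt_option(prompt)
  %(<option value="">#{prompt}</option>)
end

# Hardened shape: HTML-escape the prompt before it is placed in element content.
# CGI.escapeHTML escapes &, <, >, " and ', which is what is needed here.
def safe_prompt_option(prompt)
  %(<option value="">#{CGI.escapeHTML(prompt.to_s)}</option>)
end

# Build a complete select using the hardened prompt helper (constructed helper,
# not the Rails API). `choices` is an array of [label, value] pairs; labels and
# values are escaped as well, since they may also come from untrusted sources.
def select_tag_with_prompt(name, choices, prompt)
  safe_name = CGI.escapeHTML(name.to_s)
  options = choices.map do |label, value|
    %(<option value="#{CGI.escapeHTML(value.to_s)}">#{CGI.escapeHTML(label.to_s)}</option>)
  end
  body = [safe_prompt_option(prompt), *options].join
  %(<select name="#{safe_name}" id="#{safe_name}">#{body}</select>)
end

# Constructed untrusted input, e.g. a prompt string taken from a request parameter.
UNTRUSTED_PROMPT = %(Pick one</option><script>alert(1)</script>)

if __FILE__ == $PROGRAM_NAME
  puts unsafe_prompt_option(UNTRUSTED_PROMPT) # markup survives intact
  puts safe_prompt_option(UNTRUSTED_PROMPT)   # markup rendered inert as text
  puts select_tag_with_prompt("color", [["Red", "r"], ["Blue", "b"]], UNTRUSTED_PROMPT)
end
```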