{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T13:12:45.531","vulnerabilities":[{"cve":{"id":"CVE-2009-3009","sourceIdentifier":"cve@mitre.org","published":"2009-09-08T18:30:00.327","lastModified":"2025-04-09T00:30:58.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper."},{"lang":"es","value":"Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Ruby on Rails v2.x anterior a 2.2.3, y v2.3.x anterior a v2.3.4, permite a atacantes remotos inyectar código web o HTML a su elección colocando cadenas Unicode malformadas en un helper de formulario."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"50EEAFDA-7782-4E1E-9058-205AD4BE9A01"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*","matchCriteriaId":"CAC748BB-BFC5-44F7-B633-CEEBB1279889"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*","matchCriteriaId":"38CF2C31-70BB-41D3-9462-0A8B9869A
5F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"F8584B37-7950-4C89-83D2-04E1ACDC60BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"8CB26F65-5CFB-4BF8-BCC4-679327D4A8DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*","matchCriteriaId":"EF12EA5D-5EB5-46A8-AC60-65B327D610AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"87B4B121-94BD-4E0F-8860-6239890043B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"63CF211C-683E-4F7D-8C62-05B153AC1960"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*","matchCriteriaId":"456A2F7E-CC66-48C4-B028-353D2976837A"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"9B1CDAFA-2AC6-4C46-9E65-0BE9127E770F"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"F9806A84-2160-40EA-9960-AE7756CE4E0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*","matchCriteriaId":"07EC67D4-3D0F-4FF9-8197-71175DCB2723"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*","matchCriteriaId":"D1467583-23E9-4E2B-982D-80A356174BB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*","matchCriteriaId":"4DC784C0-5618-4C32-8C17-BE7041656E14"}]}]}],"references":[{"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063","source":"cve@mitre.org"},{"url":"http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html","source":"cve@mitre.org"},{"url":"h
ttp://secunia.com/advisories/36600","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/36717","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://securitytracker.com/id?1022824","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://support.apple.com/kb/HT4077","source":"cve@mitre.org"},{"url":"http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2009/dsa-1887","source":"cve@mitre.org"},{"url":"http://www.osvdb.org/57666","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/36278","source":"cve@mitre.org"},{"url":"http://www.vupen.com/english/advisories/2009/2544","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/53036","source":"cve@mitre.org"},{"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/36600","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/36717","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"http://securitytracker.com/id?1022824","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://support.apple.com/kb/HT4077","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2009/dsa-1887","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.osvdb.org/57666","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/36278","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2009/2544","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/53036","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}