CVE-2007-3227
Ruby on Rails - Cross-Site Scripting via ActiveRecord::Base#to_json Input Values
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-3227. PoCs published by BCC.
AI-analyzed exploit summary The provided text describes a script-injection vulnerability (XSS) in Ruby on Rails 1.2.3 due to improper input sanitization. It references a security advisory but does not include actual exploit code.
Description
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by BCC · textremotelinux
https://www.exploit-db.com/exploits/30089
The provided text describes a script-injection vulnerability (XSS) in Ruby on Rails 1.2.3 due to improper input sanitization. It references a security advisory but does not include actual exploit code.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target:
Ruby on Rails 1.2.3
No auth needed
Prerequisites:
User-supplied input reflected in dynamically generated content
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
References (13)
Core 13
Core References
Various Sources x_refsource_confirm
http://pastie.caboo.se/65550.txt
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25699
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2216
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200711-17.xml
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27756
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/36378
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=195315
Various Sources x_refsource_confirm
http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release
Various Sources x_refsource_confirm
http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_24_sr.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27657
Various Sources x_refsource_confirm
http://dev.rubyonrails.org/ticket/8371
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24161
Scores
EPSS
0.0368
EPSS Percentile
88.4%
Details
CWE
CWE-79
Status
published
Products (2)
rubygems/rails
0 - 1.2.5RubyGems
rubyonrails/rails
1.1.5
Published
Jun 14, 2007
Tracked Since
Feb 18, 2026